Bug in Truecaller Update Registers Users on UPI Without Consent
A bug in caller-ID app Truecaller risked its users’ financial data on Tuesday, 30 July. The app, which helps people avoid spam callers, started registering users to the Unified Payment Interface (UPI) account with ICICI Bank without their permission.
Truecaller’s payment service works in India through the its payments partner ICICI Bank, which facilitates UPI service for the platform.
The bug in Truecaller became active when one downloaded the app’s 10.41.6 update.
UPI has become a strong force in the country’s push for digital payments, with technology giants like Google, Amazon and Paytm leading the charge.
Having said that, the platform has its own set of issues, with more players joining the ranks, and this episode courtesy Truecaller is concerning as people could lose their hard-earned money if there’s a mishap.
Affected Users Asked to Manually De-register; New Update to Fix the Bug
Truecaller released a statement confirming the presence of the bug. The company will be releasing a new version with a fix now. It told The Quint,
Truecaller claims that the affected version of the app has been discontinued and users will no longer be registered automatically.
The bug came to light after a user on Twitter shared his concern, as a UPI account was created with ICICI Bank without the person asking for it.
Truecaller Fixing the Bug, We Will Ensure Action if It’s Found Non-compliant: NPCI
After the incident came to light, the National Payments Corporation of India (NPCI), the makers of UPI ecosystem said they have been updated about the situation. NPCI’s Managing Director and CEO Dilip Asbe said,
Truecaller hasn’t officially detailed the reason for the bug, but has clarified that no third-party entity has got access to the users’ payment details.
The company started offering its service through Truecaller Pay, which is integrated into the main app. It’s possible that the bug intervened with the SDK (Software Development Kit) of the payment service, and triggered the registration process, for which the app already has user’s permission to send/receive messages.
It claims that every tenth user on Truecaller has signed for its payment service, which means, more users are likely to have been affected by the bug.
(Make sure you don't miss fresh news updates from us. Click here to stay updated )