In today’s Finshots, we explain why an investigative financial research group thinks that Truecaller is invading the privacy of Indians

But before we get to today’s story, if you’re someone who loves to keep tabs on what’s going on in the world of business and finance — why aren’t you subscribed yet? We’ll send you this newsletter every morning with crisp financial insights straight to your inbox. Subscribe now!

If you’re already a subscriber or you’re reading this on the app, you can just go ahead and read the story. :)


The Story

You know Truecaller, of course.

It helps you deal with spam calls — weeds out folks who sell you credit cards, insurance policies and trading accounts. And since India has the dubious distinction of being the spam capital of Asia, Truecaller has been a lifesaver.

But not everybody is convinced that Truecaller is a benign enterprise trying to rid India of spam calls. Especially Viceroy Research. They’re a research company putting out reports on publicly traded companies. And their end objective is to find dodgy companies with suspect financials and make money off of betting against the stock. And their latest target is Truecaller. In a scathing report headlined ‘Truecaller’s True Colors’, they’ve taken down the company’s business model bit by bit.

Now Truecaller isn’t listed in India. It’s actually listed on the Nasdaq Stockholm Exchange. But the company earns over 70% of its revenues from India and the report features Truecaller’s many indiscretions committed within our borders.

So this report does hold some value especially when you consider that Viceroy has previously lifted the lid on the €2 Billion accounting scandal at Wirecard.

And with that introduction out of the way, let’s ask the big question — What does the report actually contain?

Well, the most damning allegation is this — Truecaller doesn’t care about your privacy if you’re in India.

Now you could argue that privacy is a myth. We hand over our data to people on a whim. But what if you haven’t explicitly signed over your data? What if companies still manage to get their hands on your personal information and monetise it?

Well, that’s the allegation against Truecaller.

For instance, look at how Truecaller builds its massive database of users. Once someone installs the app, Truecaller seeks permission to access their phonebook. They look at the phonebook and scrape all the user’s contacts. The list of contacts could even include you — even if you haven’t downloaded or registered with Truecaller in the first place. You are now a part of their database even though you didn’t explicitly consent to any of this. All because you were a part of someone else’s contact book. And that someone inadvertently signed away your privacy rights when they installed Truecaller.

Hold on…how does Google’s Play Store allow such a blatant invasion of privacy, you ask?

Well, it doesn’t. It doesn’t allow an app to publish details of a person’s contact information if they haven’t offered explicit consent.

So Truecaller resorts to a couple of tricks.

Firstly, it has deals in place with phone manufacturers that pre-install the app on Android phone sets. And secondly, it nudges people to sign up using web browsers. In both these cases, it is able to bypass the Play Store policies.

The end result?

While it only has 300 million monthly active users, it has a database of a staggering 5.7 billion contacts!

But that’s not the only thing.

A few years ago, Europe introduced something called General Data Protection Regulation (GDPR). It’s a bunch of regulations aimed at protecting people’s privacy. For example, let’s assume that someone living in France signed up and gave Truecaller access to their contact list. Truecaller wouldn’t be able to scrape the phonebook and add names and numbers to their database because GDPR prohibits such activities.

But Truecaller decided to find a way around this. It moved all its data centres to India and in some ways, it became an "Indian" company to bypass GDPR. After all, India doesn’t have a data privacy and protection bill yet. So they could argue that the GDPR isn’t applicable to Indian users. But Viceroy Research believes otherwise. They argue that the GDPR is applicable to all its users — Even Indian users, despite them moving their data centres to India.

Also, Truecaller doesn’t always behave like an Indian company. For taxation purposes, Truecaller becomes a Swedish company (since India has a higher corporate tax rate) and that’s another charge Viceroy Research has made.

And it gets worse.

A few months ago, The Caravan ran an investigation looking into Truecaller’s business practices. It pointed out that a feature called ‘Enhanced Search’ was auto-checked whenever a mobile phone came pre-installed with Truecaller,

In the company’s own words, “By enabling Enhanced Search, your contacts are securely shared with Truecaller.” That meant users automatically shared everything with Truecaller — names, numbers, email addresses etc.

Now Truecaller responded to this allegation and said, and we quote: “This is factually incorrect — Enhanced Search is never auto-checked and is consent driven irrespective of where the app is downloaded from.”

But that’s not true. Viceroy Research investigated this claim and found that until 28th September, this feature was auto-checked on the signup screen for new users in India.

Source: Viceroy Research report

Also, here’s something else that The Caravan found.

Truecaller has access to your phone book. But it also has access to your SMS inbox. Inside the inbox, you may have messages related to bank transactions. And the allegation is that Truecaller built financial profiles using this information. When Caravan spoke to a former employee here’s what they said 

“Apart from tracking your calls, their duration and your most and least favourite contacts, the Truecaller software can build your detailed financial profile as it has access to your SMS feature,” the former employee said. They confirmed that the company’s algorithm can read the content of text messages. “With a special feature called ‘sms categorizer’ the Truecaller software is able to recognise personal, high priority (bank OTPs and transactions), and also spam messages of its registered user.” This ability, they added, could allow the app to send loan offers to people when their bank balance goes down below a certain limit. Truecaller already has a short-term loan facility up to Rs 5 lakh for its registered users without much paperwork. The company has a financial partnership with firms such as Whizdm Innovations, which offers personal loans.”

Now Truecaller rubbishes these claims (You can find the full statement here). But with the Viceroy report levelling such serious allegations, it remains to be seen whether Truecaller goes out of its way to assuage users.

Until then…

If you learnt something new, why not share it with your friends? Share this story on WhatsApp, LinkedIn and Twitter


Ditto Reviews: Quality above all else

Three things you'd want in a good insurance advisor. Knowledge, Patience and the ability to stay the course. Ditto advisors exemplify all three. So if you're looking to buy an insurance policy

  1. Just head to our website —Link here

2. Click on “Book a FREE call”

3. Select “Health" or "Term Insurance"

4. Choose the date & time as per your convenience and RELAX!

Our advisors will take it from there!