Security Flaw In Truecaller Android App Exposes Data of Millions of Users

An anonymous reader writes about a newly found vulnerability in Truecaller: Security researchers have found a flaw in Truecaller, a popular service that indexes phone numbers and helps users block spammers and telemarketers. An article on Softpedia explains the vulnerability, "When users first install the Android app, they are prompted to enter their phone number, email address, and other personal details. This information is verified by phone call or SMS message. Upon opening the app for the second time, no login screens are shown. In a proof-of-concept code shared with Softpedia, researchers were able to retrieve personal details for other users based on an IMEI code just by interacting with the app's servers. The servers exposed data such as the user's Truecaller account name, his gender, email address, profile image, home address, and whatever else was stored in his profile. Additionally, the IMEI code also allowed the researchers to modify account settings."