User Expresses Privacy Concerns After Software Update Replaces Default Phone App

An anonymous reader writes: Since I am not living in my home country, I frequently use two different SIM cards and prefer having a phone with dual-sim support. This limits your choice significantly when buying a new device and last time I bought one, I opted for the Wileyfox Swift. It was cheap, had most features I desired and shipped with CyanogenMod (Android) -- which, I thought, might indicate that Wileyfox delivers a slim, privacy-aware system. Yesterday, I was delighted to see that Wileyfox provides an update to a new version of Android (7.1.1) and I didn't hesitate long to install the upgrade. Concerns that the hardware might not hold-up to the new system showed to be unfounded and everything seemed to work just fine. But when I realised that the dialler now labelled itself as 'truecaller' -- something I had never heard of, shoot, I didn't even know the dialler is an app -- it gave rise to a bad suspicion: Is some of my phone's core functionality now provided by a 3rd-party app? Indeed. Does it respect my privacy? No. Can I uninstall it again? No. Was I ever asked to comply with their terms and conditions? Of course not. On top of this, Truecaller doesn't seem to have a clean background. Here's how an Indian daily (Truecaller seems to be popular in emerging regions) described the app: Truecaller is a popular app that shows you contact details of unknown numbers calling you. It crowdsources contact details from all its users' address books. So even if you've never used the service, your name and number could be on Truecaller's database, thanks to someone else who's saved your contact details and allowed the app to access them.

Re:Truecaller

[Aaden42]

No big deal to you.

Ask everyone in your contact list if they mind their name & number (and possibly the rest of their contact "card" including picture, emails, etc.) being uploaded to some unknown server run by a company with unknown privacy policies.

Re:Truecaller

[mysidia]

It's none of their business where you store your contact list. If they trusted you with your phone number; it is your choice what phone and/or what service provider(s) to use. Phone numbers may not be public information, but they're not secret either --- once you give it out, you no longer have strong control over it.

If you don't want someone storing your contact information on their phone (Which typically includes their cloud-based addressbook Google Contacts, Apple iCloud Contacts, Truecaller, Etc), then do not give that person your phone number.

Re:Truecaller

[Gravis+Zero]

It's none of their business where you store your contact list. If they trusted you with your phone number; it is your choice what phone and/or what service provider(s) to use.

What a perfectly selfish attitude. The point is they trusted you with the number and you turned around and gave it to a company without asking if it was ok. I would call that a breach of trust.

TOS wouldn't fly in most jurisdictions

Truecaller’s app is allowed to collect...
(scary list of stuff snipped)...
The app’s terms of service offer an important addendum: “If you provide us with personal information about someone else, you confirm that they are aware that You [sic] have provided their data and that they consent to our processing of their data according to our Privacy Policy.”

That's a pretty darn weak fig leaf. In most legal jurisdictions, a third party can't make a legally binding commitment on my behalf merely by asserting that they told me about it and I was OK with it.

I suppose the intent is to try to shift liability in the event someone sues them. "Sure, we collected your data, but Bob gave it to us and told us you were OK with it. So take it up with Bob!" I am dubious that they would succeed with such an argument, but I guess maybe it's slightly better than nothing?

Re:Wileyfox Swift Owner here..

[mrchaotica]

GIven the shady behavior, I have to question whether the phone uses actual CyanogenMod (or rather, LineageOS, these days), or if it uses a vendor-controlled fork of CyanogenMod that the vendor infected with malware. It could be that everyone who bought the device was trojaned from the beginning and didn't realize it because of the branding.

Re:Truecaller

[mrchaotica]

There's a spectrum of acceptability here. I was* okay with Google knowing my contacts because it's clearly necessary in order to (for example) make Gmail or Google Voice work properly. However, I'm not okay with LinkedIn exfiltrating my entire address book just because I installed their Android app (because my entire list of contacts is absolutely not either required nor desired in order to use LinkedIn). This Truecaller app is even worse than that.

(* This was before they started tying everything to everything else such that contact info now shows up in Google Maps and whatnot. Now I'm in the process of ditching Google entirely.)