Skip to main content

TrueCaller in Turmoil: The Silent Databases You Never Agreed To

TrueCaller in Turmoil: The Silent Databases You Never Agreed To


TrueCaller in Turmoil: The Silent Databases You Never Agreed To

April 14, 2022


“You have my number but don’t have my consent”. This was a critical marketing statement from TrueCaller in its campaign against the harassment of women through their mobile phones called #ItsNotOk. And while this is a noble campaign, to be sure, it would be hard to not see the irony in that quote, considering the history of TrueCaller when it comes to consent and using the information they received.

TrueCaller is a smartphone application developed by True Software Scandinavia in 2009. They have the company vision of providing services to identify incoming calls from unknown numbers to help block spam callers, organize inboxes, and promote user safety. However, this company vision cannot be achieved correctly if this database is compromised, which was the case with TrueCaller.

What is the relationship between TrueCaller and India?

For TrueCaller, India is the largest market, with over 220 million active users. India accounts for about 70% of TrueCaller’s 300 million active users worldwide. TrueCaller is also used by around 50% of Indian smartphone users, up from 35% just two years before. This number is expected to grow as estimates calculate that India could have around 700-800 million actively connected smartphones by the end of 2024.

In addition, the country is home to a significant portion of its workforce, with 170 of its roughly 300 employees in India. So, there may be questions about how TrueCaller will handle the new Personal Data Protection Bill drafted and examined in the Indian Parliament. This Bill has been worked on and amended from the original draft back in 2019 and aims to provide a stronger foundation and a comprehensive legal framework for data protection.

TrueCaller is a smartphone application with caller ID, call blocking, flash messaging, call recording, chat and VoIP features.

A multi-week investigation was conducted by The Caravan to highlight the profit made by TrueCaller due to the current lack of a comprehensive legal framework for data protection in India. The report published by The Caravan states that people’s sensitive data is being made public without their consent. The author of The Caravan report was contacted by a journalist in Pakistan who could identify the author by name, phone number, and WhatsApp account using TrueCaller without being made aware their information was being used. A person lost deals that could have been worth over $13,000 as a systems engineer and business director because of promotional messages being sent to contacts from their phone without their consent. TrueCaller is silently building its massive database through third-party APIs and has acquired around 5.7 billion phone numbers with the identities of the persons attached to them.

Is TrueCaller taking advantage of India’s lack of a legal framework to publicly display these users’ private information?

Co-founder Alan Mamedi denies taking advantage of India’s lack of a comprehensive legal framework to publicly display users’ private information without their consent. This personal information included a user’s phone number, designation, organization name, and other metadata without permission. Additionally, it could be determined if the user’s number is used on WhatsApp. TrueCaller responded to the allegations by promising that users’ data is safe and reaffirming that TrueCaller does not sell users’ data. The Stockholm-based company also said it has strict security and governance measures in its statement. Furthermore, TrueCaller appears bullish on its growth potential and does not feel the proposed new Personal Data Protection Bill will affect its profit.

However, The Caravan’s report also indicates that the company may be building a complete financial profile of its registered users, again without their consent. TrueCaller also denied its claims that the company may be creating financial profiles of its users: “TrueCaller cannot build financial profiles. In addition, we would like to point out that TrueCaller exited the UPI and payments business in March 2021. We have exited both UPI and payments, as well as digital lending. Digital lending was on a trial basis, in partnership with NBFCs.”

TrueCaller And The Balance Between The Public Good And The Value of Privacy?

TrueCaller points out that it is committed to complying with over 150 data regulatory regimes and regulations to which the company is subject. TrueCaller defines its privacy policy as robust and protective of users’ rights. However, in discussions in New Delhi about future Indian legislation, the Swedish company says that “an individual’s expectation to keep their name and phone number private when making a call is outweighed by the critical public interest and public safety concerns that caller ID addresses.”
TrueCaller is optimistic about its growth in India as Alan Mamedi’s company does not see any potential challenges to the company’s growth due to the country’s upcoming data protection law. On the contrary, the company states it fully complies with Indian regulations. That said, the biggest challenge will be locating and moving all the servers and infrastructure to India.

Finally, TrueCaller’s statement individually answers all the allegations made in The Caravan report. The company said that it relies intensely on its trust and communication with its users and assured people that it handles their data securely. The Swedish company is committed to complying with the Indian regulations as soon as they appear.

As with many international applications, care must be taken in using and transferring this personal data and its social establishment. TrueCaller is committed to respecting privacy principles by limiting the collection and use of data to that which is relevant to their services. Data protection concepts are different in different countries and can be interpreted and understood in different ways. TrueCaller’s mission is to build trust in communication, but there must be honesty and accountability for trust to be established. We hope that future Indian legislation will allow TrueCaller to control data collection if they do not decide to relocate to a more flexible country regarding data protection.

Victoria MyData-TRUST

Victoria Derumier

Data Protection Manager

If you want to contact us

Contact us