Android devices are at risk once again! Researchers found big loophole in famous app “Truecaller”!

The security researchers of Chinese mobile security company “Cheetah Mobile Security”, found a major loophole in famous application “Truecaller”. It is a very famous call management application, used by all most every android user.

How this loophole is dangerous?

Truecaller, only uses the IMEI number of devices for the identity. So if anyone have the IMEI number of any device, he can steal the personal information of Truecaller users. This major security flaw is allowing everyone to steal sensitive data of any Truecaller user. Approximately 100 Million Android devices are at risk, which are using Truecaller.

Hackers can steal information regarding home address, mail box, phone number and gender by exploiting this vulnerability. Hackers can also make changes in device to malicious phishing purposes.

What can hackers do by exploiting this vulnerability?

First of all, hackers can steal all the sensitive information of users which include email, personal photos, address, usernames etc. Hackers can also make changes in the setting of application for their own use. Later hackers could use these setting to spread malware. Hackers can also disable the setting in devices, which are helpful for users to protect their devices from spam and third party malicious links. Hackers could also delete user’s contact black list.

How “Truecaller” respond to it?

This vulnerability was reported by the security researchers of “Cheetah Mobile Security” to the developers of “truecaller” within the hours after the found it. Therefore developers of truecaller got more time to fix this issue. This issue has been fixed by the truecaller now and they have also released an Update for their app.



Suggestion for Users

This vulnerability has been fixed by the Truecaller in the latest version of application. So update your application as soon as possible. According to a report released by Truecaller, a number of android users are still using old version of “Truecaller” which is vulnerable. To protect your device from malwares and attackers, update your application. Because every outdated application is a malware.