Just Go to TrueCaller if You Want to Dial Chidambaram!

Swedish app can access unlisted numbers of India's who's who Unlisted private mobile phone numbers of Cabinet ministers such as Kapil Sibal and P Chidambaram,top industrialistssuch asMukesh Ambani and Sunil Mittal, celebrities such as Shah Rukh Khan and Sachin Tendulkar are among millions of Indian numbers listed on the database of a Scandinavian app maker, thanks to unsuspecting smartphone users who let the app harvest their phone's contact list.  TrueCaller, a popular app built by a Swedish company, lets users look up the owner of a phone number. So if you get a missed call from a number you do not identify, you can search on the TrueCaller app or its website to see the owner of that number. However, every time a user downloads the app, and enables a function called 'Enhanced Search', it asks your permission to "securely send your phone book contacts to our servers".  Caught in Call Trap? What's the App TRUE CALLER  Function?  Reverse directory search. Put in a number, know who it belongs to.  How?  Partly public directories, partly by harvesting the phone books of millions of users who download the TrueCaller app. So even if you didn't agree, your number might be on the True Caller database because a friend downloaded the app. Has 1.6 million Indian users.  What can You Do?  Find out if your number is part of the database on Truecaller.com. Use the unlist option at the bottom of the website to remove your number. App's Database a Giant, Collective Phone Book  When the user grants permission to "securely send phone book contacts to our servers", the app harvests the phone's contact list.  What the app doesn't tell you, unless you read the detailed terms of service, is that these numbers then become part of a publicly searchable database. So every time a user downloads the app, his entire phone book becomes part of a public database without the consent of the people who own those numbers. The app's database, essentially, is a giant, collective phone book. The mobile numbers of nearly every Indian Cabinet minister, heads of intelligence agencies such as the Intelligence Bureau and Department of Revenue Intelligence, and CEOs of India's largest companies are all on the database.  According to Alan Mamedi, COO and co-founder of app-maker True Software Scandinavia AB, the app has 1.6 million Indian users. India is the app's single-largest market, accounting for nearly half of its user base. Assuming an average of 100 contacts per phone book and allowing for duplicates, the company now owns a database of 50-80 million Indian phone numbers. Because many people save contacts with names and work identities — 'Ramesh Pepsi', for instance, for someone who works at the cola company — the database has not just the corresponding name for a number, but quite often, work or business-related information as well. A breach in the database of this small Swedish firm would compromise a vast amount of private information. Telecom analyst Mahesh Uppal said the company's practice of harvesting phone books was dubious. "Mobile phone numbers are not meant to be publicly accessible. It can reach you at a place and time inconvenient to you, so it risks invading your privacy. And when it is not voluntary, like in this case, it is clearly a problem." Mamedi says the company makes all efforts to keep the database secure. "Our engineers are experienced in this field and we have our own architecture," he told ET on phone from Stockholm. However, far bigger companies with larger budgets and expertise routinely fall prey to hacking attacks. Earlier this month, business-networking site LinkedIn, which has 150 million members, fell victim to an attack when some 6 million passwords were stolen and posted online.  Mamedi says the company does not allow users to search for a name and get that person's number. But on its website, Truecaller.com, when a user types in a few digits of a phone number, the site provides a prompt — similar to an autocomplete form for email ids — with other numbers that start with those digits. These numbers, and corresponding info, can be legitimately harvested and used by telemarketers. Mamedi said a user can only search up to 10 numbers a day. This reporter was able to search a much larger number. TrueCaller was launched in 2009 and, according to Mamedi, India has always been a large market for the company. It does not disclose financial information. Mamedi said TrueCaller has never been targetted by hackers.