Truecaller is arguably the most popular Caller ID app in the world, and especially so in India, where the app has gained cult-like status. Having said that, a large number of users are wary of using the app because of privacy fears and worries over data security. The notion that Truecaller siphons your address book to its servers, tracks your location, read your messages is not new, but the company wants to address these and several other similar concerns.

In a telephonic conversation, Manan Shah, Truecaller’s Marketing Director, told us that people are right to worry about apps having too much access to data, but that’s not how Truecaller works. In fact, Shah took us through all the permissions that the caller ID app requires to work well on Android and iOS phones, as well as how the app collects and collates contacts data.

Building The Database!

We all know how Truecaller actually works, right? If you receive a call from an unknown phone number then the app acts as a universal phone directory and identifies the caller. But the question that users have is how does it know the names of people if it’s not just taking data from their contacts list. Here’s how Truecaller gets that info.

Complying With Apple and Google Policy

According to Shah, the most common misconception about Truecaller is that it reads all of your contacts and uploads them to its servers to build a massive database.

Well, that’s not actually the case, because of a very simple reason. Both Google and Apple do not allow developers to upload address books to their own servers, however, they can access them on-device for services such as the dialer, messaging, and more.

Google Play Developer Policy
Apple App Store Review Guidelines

Shah specifically stressed this point saying “We are 100% compliant with these policies. We do not upload the phone book from users who download the app from Google Play Store and Apple App Store.”

Truecaller has been totally compliant with the app policies of both stores since the beginning. The app even took a lot of stringent measures, allowing users to view and delete records even before GDPR came into play.

He then explained that Truecaller hasn’t been using the address book of its users to build out their database since 2012, which is when the privacy policies came into effect on both Google Play and Apple App Store.

Crowd-Sourcing Data

Shah told us the platform works thanks to its community, where users submit the data and help others identify the numbers. “We have a huge community of users. We have more than 250 million registered users across the world, who are contributing to the community.”

He further added, “When you receive a call from an unknown number and if Truecaller isn’t able to identify that number, then you as a user has the option to suggest the name after you’ve had the conversation.”

If you’ve ever used Truecaller, you would know that it shows a popup with info about unknown callers at the end of the call. It’s this popup that help the Swedish company grow its database.

Once you’re done talking to an unknown caller (on Android), whose information was not available on Truecaller’s database, a popup shows up, asking you to edit the contact info same, with the ‘edit’ and ‘tag’ options. It is from here that the company crowdsources the data and adds to its database and not directly from your address book.

Additionally, Truecaller has also signed up global data partners that help provide the Swedish giant access to publicly listed numbers for business and traders.

Permissions Galore?

Now that we’ve cleared the air around the phonebook myth, let’s talk about the permissions, which sure look like a chaotic mess but they are all being put to use in one way or another for real features. We first wanted to know why Truecaller required the location of users.

truecaller location 2

The location permission is one of the primary concerns for users, who may think that the app is tracking them in real-time.

To this, Shah said, “We are not surveying you. We’ve not put anybody under surveillance using that location permission. We do not have the bandwidth or the resources for that. We are a company run by 150 people, we don’t really do 99.9 of the things we’re accused of.”

Location Tracking

He then went on to explain why location services are needed. For one, you need it to share your location via Flash Messages (if you actually use them) in the Truecaller app.

Truecaller also uses this data to organize the regional ‘spam list’ in a country, so it can notify you of spam callers that are most likely from your city or adjacent area. Shah then added how the spam list works –

“Two years back, we (Truecaller) made our spam identification algorithms even better, saying if you’re a person who lives in Delhi then the chances of you getting a spam call from Chennai are very low. Instead, your number will get more spam calls from the adjoining areas – most probably from the Delhi and NCR region.”

india spammers truecaller
Image Courtesy: Truecaller Insights

Finally, the location permission also works silently in the background to show where someone is calling you from. It’s because mobile numbers don’t have STD codes, and it’s harder to pinpoint the location of a number based on the digits alone, so getting to know the location of an unknown caller is a genuine problem that Truecaller is aiming to solve.

Yeah, everything in the Truecaller app is permission-based and users can choose whether to allow these permissions. The app will still continue to function, but there’s a possibility that many of its features might not function properly.

If you’re still concerned about the permissions that Truecaller needs, you can read about the need for each of them on the company’s support page right here.

So that’s a little about how Truecaller works, and we hope it does clear the air on some of the concerns about data security and privacy. If you have any other questions you want to get answered, do drop us a line below so we can get the company’s comments on them.