A bug in caller-ID app Truecaller risked its users’ financial data on Tuesday, 30 July. The app, which helps people avoid spam callers, started registering users to the Unified Payment Interface (UPI) account with ICICI Bank without their permission.
Truecaller’s payment service works in India through the its payments partner ICICI Bank, which facilitates UPI service for the platform.
The bug in Truecaller became active when one downloaded the app’s 10.41.6 update.
This is a clear breach of privacy, as people who don’t have accounts with ICICI Bank are getting enrolled, that too without their permission.
UPI has become a strong force in the country’s push for digital payments, with technology giants like Google, Amazon and Paytm leading the charge.
Having said that, the platform has its own set of issues, with more players joining the ranks, and this episode courtesy Truecaller is concerning as people could lose their hard-earned money if there’s a mishap.
Affected Users Asked to Manually De-register; New Update to Fix the Bug
Truecaller released a statement confirming the presence of the bug. The company will be releasing a new version with a fix now. It told inFeed
“We have discovered a bug in the latest update of Truecaller that affected the payments feature, which automatically triggered a registration post updating to the version.”