Swedish startup Truecaller fixed a problem in its app after Chinese company Cheetah Mobile discovered a flaw that left over 100 million users vulnerable to having their personal information leaked online, The Register reports.
Truecaller is an enhanced dialler app for Android phones that flags up who is calling, instead of just showing a phone number.
Cheetah Mobile security researchers say that the way Truecaller identified its users meant that they were vulnerable to having data including their phone number, address, and gender leaked.
Truecaller used the IMEI numbers of phones as the identifying factor to tell its users apart. The International Mobile Station Equipment Identity is a long string of numbers that’s meant to be unique, but the flaw in Truecaller’s system was that anyone who knew another phone’s IMEI number could, in theory, find out information about that Truecaller account.
Cheetah Mobile estimates that around 100 million users of the company’s app were affected by the flaw. But Truecaller published a blog post explaining that it fixed the flaw in its app. It claims that no personal data was compromised due to the flaw. Truecaller says that automatic updates to the company’s app fixed the flaw.