
Bug In Truecaller App Automatically Enrolled Users For UPI Services

Several users of the application took to social media platforms to complain about the latest update.

A worker demonstrates a mobile payment system at the Visa Inc. stand at the Mobile World Congress in Barcelona. (Photographer: Pau Barrena/Bloomberg)

Truecaller, a widely used mobile application to screen callers and block spammers, has rolled back its latest app update after discovering a bug that automatically enrolled customers for its payment service.

Late Monday evening, several users of the application took to social media platforms to complain about the latest update of the Truecaller app, which led to unauthorised access to other apps available on the user’s phone.

The complaints alleged that the bug had prompted an unauthorised encrypted SMS to be sent from the user’s phone to an unknown number for registration with Truecaller’s payment service. While users were registered with the UPI-based payment service, no actual transactions took place.

The bug, however, prompted concerns among users and forced the company to withdraw the update.

In a statement issued on social media platform Twitter, Truecaller said that “it had discovered a bug in the latest update of Truecaller the payments feature (India only), which automatically triggered a registration post updating to the version.” The company added that it has discontinued this version of the app so that no other users are affected, further stating that it has already rolled out a fix in a new version.

“For the users already affected, the new version with the update will be available shortly. In the meantime, users can choose to manually deregister their UPI ID from the banking/payment settings,” the statement said.

UPI is built and managed by the National Payments Corporation of India, which has already shut down any new customer on-boarding through Truecaller.

Dilip Asbe, managing director and chief executive officer at NPCI, said, “there was an issue in the app observed today. We have been updated that last night’s migration had resulted in a bug in the workflow. We understand that it has been fixed and till then user on-boarding has been stopped in this app.” Asbe further said that NPCI will take action if Truecaller is found to be non-compliant with the security, encryption and developer standards that have been prescribed by the NPCI.

The issue, according to Asbe, is limited only to enrollment in the UPI service without consent. Even if customers are enrolled in the service without their consent, no actual transactions can take place without the mandatory two-factor authentication, he said.