From the Viewsroom

The TrueCaller UPI mishap

Jinoy Jose P | Updated on August 02, 2019 Published on August 02, 2019

Policy and regulation must catch up with misuse of data

The latest online-meets-offline scam involving caller-identifier app TrueCaller is clearly a strong indicator of the potential damage such technological services can cause to the public at large, and more. Even though TrueCaller issued a statement blaming a bug for the mishap — on July 30, Android users with TrueCaller on their phones got text messages saying their registration for the Unified Payments Interface (UPI) app had been initiated and their bank account was linked to ICICI Bank’s UPI interface — anyone who’s familiar with the world of programming can understand that such inadvertent errors do not occur that easily. As things stand now, though, it is difficult to see a larger, sinister design behind the error. It is technically plausible, considering the (read callous) way in which similar programmes are designed and distributed. There is also the larger (and deeper) question of a design flaw in this.

The very idea of UPI is based on the assumption that an individual can be linked to and identified with one mobile number. This is a debatable idea to start with, especially in a country like India where users exchange numbers and families swap personal numbers. When the basic premise itself is wobbly, such errors can easily creep in.

Regulators must hold TrueCaller accountable for this massive breach of trust and privacy. Evidently, TrueCaller messed with the trust users placed in it by misusing the consent and permissions they gave it while installing the app. When data becomes capital, primitive accumulation of data becomes a problem. Lax rules and crony capitalist systems help such applications run amok with user privacy and consent. When it comes to identifying the damage software (algorithms) does, Indian laws are a work in progress. Recently, a Swedish cyber security company reportedly found that the personal data of millions of TrueCaller users had been leaked and sold online (on the dark web). The company denied this and, not surprisingly, never faced regulatory scrutiny. Policy must catch up with the times.

Deputy Editor
