Something is wrong when the ‘telephone app’ on your phone becomes 3rd party
Since I am not living in my home country, I frequently use two different SIM cards and prefer having a phone with dual-sim support. This limits your choice significantly when buying a new device and last time I bought one, I opted for the Wileyfox Swift. It was cheap, had most features I desired and shipped with CyanogenMod (Android) – which, I thought, might indicate that Wileyfox delivers a slim, privacy-aware system.
Yesterday, I was delighted to see that Wileyfox provides an update to a new version of Android (7.1.1) and I didn’t hesitate long to install the upgrade. Concerns that the hardware might not hold-up to the new system showed to be unfounded and everything seemed to work just fine. But when I realised that the dialler now labelled itself as ‘truecaller’ – something I had never heard of, shoot, I didn’t even know the dialler is an app – it gave rise to a bad suspicion: Is some of my phone’s core functionality now provided by a 3rd party app? Indeed. Does it respect my privacy? No. Can I uninstall it again? No. Was I ever asked to comply with their terms and conditions? Of course not.
Here is an excerpt of truecaller’s privacy policy:
When You install and use the Services, Truecaller will collect personal information from You and any devices You may use in Your interaction with our Services. This information may include e.g.: geo-location; Your IP address; device ID or unique identifier; device manufacturer and type; device and hardware settings; SIM card usage; applications installed on your device; ID for advertising; ad data, operating system; web browser; operator; IMSI; connection information; screen resolution; usage statistics; default communication applications; access to device address book; device log and event information; logs, keywords and meta data of incoming and outgoing calls and messages; version of the Services You use and other information based on Your interaction with our Services such as how the Services are being accessed (via another service, web site or a search engine); the pages You visit and features you use on the Services; the services and websites You engage with from the Services; content viewed by You, content You have commented on or sent to us and information about the ads You see and/or engage with; the search terms You use; order information and other usage activity and data logged by Truecaller’s servers from time to time. Truecaller may collect some of this information automatically through use of cookies and You can learn more about our use of cookies in our Cookie Policy.
And somewhere later, not surprisingly:
We transfer information to trusted vendors, service providers, and other partners who support our business and Services, such as providing technical infrastructure services, bug testing, analyzing how our Services are used, measuring the effectiveness of ads and services and facilitating payments as well as potential partners who may wish to work with us to provide other services.
After reading this, the first thing I did was to send an email to the Wileyfox support to kindly ask for a way to uninstall the app and recover the the default dialler. The answer came quickly but was unsatisfying and of a generic type:
Hello Martin,
Thank you very much for your Email,
[…]
Truecaller Pro
- Wileyfox users receive 90 days of Truecaller Pro for free.
- Truecaller Pro enables you to send contact requests to people outside of your network.
- Truecaller Pro gives you an ad-free experience and Wileyfox users will not receive ads in Truecaller even after the Pro subscription ends.
Privacy Questions
- If you don’t register in Truecaller it works as an ordinary dialler.
- To improve accuracy of the Caller ID service, users can share their contacts with the Truecaller community. This feature is optional and users can skip giving access to this.
- Users who do not wish to use Truecaller as their dialler can opt-out and deactivate their account without impacting the usage of their dialler.
- You can deactivate and unlist your number from Truecaller via this website: https://www.truecaller.com/unlist
Unfortunately you are unable to uninstall truecaller as this is the default dialer, you can use a 3rd party app if you would like to..
Many Kind Regards,
[…]
My second email, asking if they can guarantee that no information is collected when not creating a truecaller account, received no answer until now. When disabling the application, the dialer simply disappears from the home-screen, without any replacement:
This leaves me in an unpleasant spot as I, where I can, avoid using google services and now need to find an alternative dialling application. Isn’t this sweet? I am searching for a dialling application for my smartphone. A DIALLING application.
Of course, you can always root the phone and install custom roms. But this process takes some time and the development and compatibility with these roms is less than satisfactory. I’ll have to figure out my options when I have some spare time and hope, for the moment at least, to find a usable replacement on F-Droid.
I am not sure if this move if even legal, but it’s certainly not an act of kindness to impose this kind of affiliate program on customers.
What does this tell us about the state of Android? Well, two out of the three Android devices I’ve owned (different manufacturers) suffered from bloat / adware. But to be fair, a system should be open and as a consequence customisable by a manufacturer. It should not be designed, however, to have vital core functionality easily replaced with dubious 3rd party apps. I guess the burden is on the customers now: Double check which software you get with which device. Not being an apple fanboy, I have to admit: At least you know what you get when buying an Iphone. Heck, switching operating systems on mobiles should be as easy as on PCs.
I would be glad to hear recommendations for smartphone hardware / software that values open-source and data-privacy, preferably dual-sim.
Let’s finish this short article with the words of Ernst F. Schumacher:
Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage to move in the opposite direction.
UPDATE:
In the meantime, both Wileyfox and truecaller reached out to me – probably not unrelated to the attention this article got on hacknews. Here are their statements:
Wileyfox (answering my mail asking weather truecaller collects data)
Hello Martin, Yes Truecaller will not have access to any information unless you sign up to their services. Kind Regards Wileyfox Customer Support
And truecaller
Hi Martin,
[…]
– It is completely optional to use the Truecaller service. While we do offer our service of identifying spam calls and unknown numbers, if the user does not want those services, simply just say ’Later’ on the first screen and the user will be able to use the dialler just like a standard Android dialler (it will still have Truecaller branding, but no information is being shared by Truecaller or vice versa) This means no profile will be created with your details, and no numbers will be shared. The privacy policy only applies for when you create an account.
– This also means, if you have already opted-in by creating an account and want to opt-out and stop using the features, and just use the app like a normal dialler, then you can just go to settings > about > deactivate. This will return the app to the state before you sign up (so as a normal dialler).
[…]
I highly appreciate that both companies take customer relations serious and reached out to me.
However, I am missing a clear statement, saying that no data is send to truecaller servers when I am not signing up – it should be commonly known by now that anonymous data usually is not really anonymous. Further, and more importantly, it doesn’t change the fact that there is a 3rd party app hooked into my phone’s system now and I have to to trust this party. The statement that truecaller has no access to my data is clearly false, as the app has all the privileges it requires to spy on lots of data. Given the recent history of privacy violations, I certainly do not intend to add truecaller to the list of companies I trust, especially regarding their buisness model.