Truecaller ‘bug’ starts automatic enrolment of users to UPI, alarming people

BENGALURU: Caller ID app Truecaller had started automatically registering its users for its Unified Payments Interface (UPI) offering without seeking consent or requiring any user action, according to several users who complained on Twitter on Tuesday.

Truecaller was automatically been sending out UPI-linking requests after an update to the app that came out recently. Horrified users tweeted on Tuesday expressing shock and vowed action. Several people on Truecaller’s Google Play reviews page have also highlighted the same problem, fearing that the app is accessing personal data and banking information.

“I fell victim to a @Truecaller UPI scam this morning,” wrote Dheeraj Kumar, a software engineer, on Twitter. “I woke up and checked my android phone, which auto-updated a few apps, including @Truecaller. It automatically, immediately sent an encrypted SMS from my phone to an unknown number, following which @ICICIBank sent me a sms.”

Truecaller in an apologetic statement released later in the say said it had discovered a bug in the latest update of Truecaller that affected the payments feature, which automatically triggered a registration post updating to the version.

“We've taken quick steps to fix the issue, and already rolled out a fix in a new version. For the users already affected, the new version with the fix will be available shortly, however, in the meanwhile they can choose to manually deregister through the overflow menu in the app,” it said.

Dilip Asbe, the Managing Director and CEO of National Payments Corporation of India (NPCI), clarified that Truecaller’s bug has started the onboarding process but registration can’t be completed without a two-step process that requires an OTP and bank details.

“We will review the situation. It was a bug that has been fixed,” said Asbe.