Truecaller, a service that helps users screen robocalls, has rolled out an update to its app in India, its largest market, after a previous software release covertly signed up an unspecified number of users to its payments service.
A number of users in India began to complain late Monday that Truecaller, which has amassed over 100 million daily users in the country, had registered them to its payments service without their consent. In a statement to TechCrunch, Truecaller acknowledged the error and said a bug in the previous software update caused the issue.
(The bug led the app to quietly send a text message to a bank to verify their account — which is part of the procedure to sign up to the payments service.)
“We have discovered a bug in the latest update of Truecaller that affected the payments feature, which automatically triggered a registration post updating to the version. This was a bug and we have discontinued this version of the app so no other users will be affected,” a Truecaller spokesperson said in a statement.
“We’re sorry about this version not passing our quality standards. We’ve taken quick steps to fix the issue, and already rolled out a fix in a new version. For the users already affected, the new version with the fix will be available shortly, however, in the meanwhile they can choose to manually deregister through the overflow menu in the app.”
Update: The company said it will deregister every user who was inadvertently added to Truecaller Pay.
Truecaller added payments service to its app in India two years ago. The company, like several others, such as Google and Samsung, relies on Indian government-backed UPI payments infrastructure for this feature. Under the current law, signing up a user to a payments service without their consent is illegal.
As of February this year, every tenth Truecaller user in India had signed up to Truecaller Pay, according to the company.
It’s not the first time a payments service in India has mishandled registration of users. Airtel, a mobile operator in the country, had also tricked some users two years ago into joining its payments bank — a move that did not go unnoticed.
In a statement, Dilip Asbe, MD & CEO of state-run payments body National Payments Corporation of India (NPCI), said, “there was an issue in the app observed today. We have been updated that last night’s migration had resulted in a bug in the workflow. We understand that it has being fixed and till then user on-boarding has been stopped in this app. NPCI ensures to take action if found non compliant.”
Update: In a statement issued at 10:30 PM IST (17:00 GMT), Asbe said, “this is enrolling mistake by the app without customer consent. With this customer can’t do any UPI transaction. For onboarding to UPI the customer has to still enter 2FA (issuer OTP and debit card), and set UPI pin. The workflow mistake is limited to enrolling which will not have any impact on any customer account whatsoever.”
As in the U.S., robocalls have become a major challenge in India. So it does not come as a surprise why Truecaller has emerged as one of the most useful services in the country in recent years. But the Stockholm-based firm has a tendency to run into controversy every now and then.
In May, a security researcher claimed that Truecaller’s user database was being sold on a dark web marketplace. The company denied any claims that its service had been breached.