Truecaller has apologised for the API bug last week, which caused a privacy scare for its users. The bug resulted in UPI payment profiles being created for some users without their explicit permission on Truecaller Pay. The company claims that less than 0.12 per cent of its total monthly users in India were affected by this bug.
The bug was present in the latest version 10.41.6 of the Truecaller app and caused it to automatically send a text message to the bank to verify the user’s account. Through its blog post, the company has clarified that the registration process was only meant for users who had previously consented for the UPI feature.
“We deeply regret the trouble caused to these unsuspecting users, who may have thought that there is some breach to their bank account. As explained in detail below, no bank accounts or financial information of users were compromised and immediate steps were taken to remove the issue and ensure the services were returned to normal,” Truecaller CEO Alan Mamedi said in the blog.
According to Truecaller, the registration for the payments profile happened in the background and those affected users were never asked to create a UPI PIN code, which means that the registration process never finished. The company said that the mishap did not lead to any sort of data or financial loss for the users.
Since the API was only meant for the registered payment users of the Truecaller app, in case there is an indication that the registered user’s credentials were corrupted, then the API would trigger a refresh of the credentials. To rectify the problem, Truecaller said that it took corrective measures within hours of becoming aware of the bug issue.
The company said that it stopped the rollout of the problematic version and it deregistered all the affected users. It has released a new version (10.41.7) on the Android platform and said that it will schedule a force update for users once the new build gets to critical reach.
To recall, last week Truecaller Pay had signed up some of its users for its UPI-based payments platform called Truecaller Pay without seeking their permission. The problem was first reported by many of the users on Twitter, along with those users who took to the reviews section on the Google Play Store’s listing for the app.