Some robocall blockers sent private data without permission

The cure may have been worse than the disease.

As helpful as robocall blocking tools can be, they can sometimes create their own problems. NCC Group security researcher Dan Hastings has found that some of the more popular robocall blocking apps have been sending data to outside analytics firms without explicitly notifying you, if at all. Hiya and Truecaller sent device data before you could even accept their privacy policies, while TrapCall sent phone numbers without any mention in the privacy policy. Other apps sent info directly to Facebook the moment they loaded.

Some companies have responded. Truecaller told TechCrunch that it fixed data transmissions through an app update, while the TrapCall team changed its privacy policy after Hastings got in touch with Apple. Hiya said it didn't transmit personal info, but was "strengthening our privacy even further" by ensuring that it didn't send device data without your permission.

The data collection is frequently meant to monetize info, and that was (or for some, still is) part of the problem -- the companies were profiting from privacy violations at the same time as they were protecting against intrusions into your life. Hastings also chastised Apple, accusing it of failing to review privacy policies and catch misuses like those from Hiya and Truecaller. This doesn't mean that you should necessarily avoid robocall blockers (US carriers will increasingly do it themselves), but it could be important to review the policy before you trust the app with your call screening.