A caller ID app is publicly sharing more than a billion phone numbers and who they belong to with the world – and even if you’ve never downloaded the app, you’re likely to be on the list.
Sync.ME is the number one caller ID app in 107 countries, available on both iOS and Android smartphones, with more than 10 million active daily users.
Describing itself as ‘the best caller ID app in the market’, Sync.ME has enjoyed huge uptake for its ability to detect incoming spam calls from telemarketers and the like.
To join, users must allow the app to sync with their phone contacts and social networks, including Facebook, LinkedIn and Google+. This is supposedly to allow the app to show friends’ pictures and other information when they call, even if their number is not stored on that phone.
But through this process, Sync.ME not only stores the number of its users in its database, but any other number it can find through users’ phone and social media contacts. It then makes all of these numbers, along with the names of who they belong to, available to view on its public number-lookup service.
People who have never downloaded the Sync.ME app, and perhaps don’t even know it exists, have of course not given consent for their contact information to be shared.
In other words, the company is passing liability for violating the privacy of non-users onto its users.
Sync.ME also sells its enormous phone number database as an API to third parties that want to gain insights into their own client bases.
It advertises the data to be used for classifying and targeting people based on their demographics and interests, generating sales leads with 'social insights', and leveraging social media to 'better know your client'.
By syncing with social networks, Sync.ME is able to sell information relating to people’s job, location, relationship status, hobbies and interests with any third party organisation.
‘With over 1 billion synchronized phone numbers and corresponding social media profiles, Sync.ME has created the most complete census of the world’s mobile users,’ the company boasts on its website. ‘Using advanced methodologies we are able to identify and accurately match user’s phone contacts to their social network profiles.’
However, the last couple of days have seen some people realise what Sync.ME is doing with their private information.
In a comment on Sync.ME’s Google Play page, Kevin Crane, who has never used the app, called it an ‘invasion of privacy’.
‘I've never used this app before, but when I searched for my phone number on their website they had my full name and email address available for anyone to see,’ he said. ‘I did not consent to my information being indexed on their system and given away publicly.’
App user Jonathan Mani posted a similar criticism: '[The app] puts your whole phone book on the web, which was not apparently obvious when I originally got the app to sync contact photos,’ he said.
‘Feels like a scam, a breach of trust, an invasion of privacy. The app is not worth your time and should be banned from the Play store for this ridiculous stunt.'
But Sync.ME was unsympathetic in its response: ‘Some data is uploaded to servers for Caller ID and search features as we MENTIONED in the registration process. The search by phone feature is ALSO integrated in our app. We don't allow to search by name. Sync.ME always keeps your data safe, secure and never uses it for any purposes except integrating in our products. Common for Caller ID products.’
Anybody who would like their information removed from Sync.ME’s number-lookup service can do so here.
Information Age has contacted Sync.ME for further comment.