Billions of contact numbers, including that of Hong Kong govt officials, 'leaked' by phone apps

Hong Kong's Chief Executive Leung Chun-ying (C) arrives at the Lima Convention Centre to attend the APEC CEO Summit, part of the broader Asia-Pacific Economic Cooperation Summit in Lima on Nov 19, 2016.
Hong Kong's Chief Executive Leung Chun-ying (C) arrives at the Lima Convention Centre to attend the APEC CEO Summit, part of the broader Asia-Pacific Economic Cooperation Summit in Lima on Nov 19, 2016.PHOTO: AFP

HONG KONG- Contact numbers of Hong Kong government officials, including Chief Executive Leung Chun-ying and Chief Secretary for Administration Carrie Lam, have been leaked by three smartphone apps.

These big names are among billions of victims from the business, politics, media and entertainment sectors, including members of the public.

Hong Kong-based news agency Factwire reported on Sunday (Nov 20) that the smartphone apps were CM Security, Truecaller and Sync.ME, which are available for free download in the app stores of the Android and iOS systems.

Privacy Commissioner for Personal Data Stephen Wong Kai-yi would not comment on whether or not the apps were illegal.

Factwire reported that the "Reverse Look-up" feature of the three apps allows users to trace the name of the number holder.

When a telephone number is input into each app, the app will run a search in the billions of identified numbers in its database to trace the name of the number holder. Each app displays the name even when the holder is not a registered user and has not authorised the app to make his or her personal information available for search.

South China Morning Post reported that users agree to share their phone address book with the app companies when they download their products.

In addition to this "Reverse Look-up" feature, the Sync.ME search feature merged the mobile phone numbers with Facebook profiles belonging to lawmakers Raymond Chan Chi-chuen, Junius Ho Kwan-yiu, Eunice Yung Hoi-yan and Tanya Chan Suk-chong.

Some information is locked and users need to pay to gain access.

Charles Mok, lawmaker representing the Information Technology functional constituency, has his mobile phone number merged with his Facebook, Google and LinkedIn profiles.

Factwire reported that Truecaller has a database of over 3 billion telephone numbers, while Sync.ME has collected information of over one billion contacts and their social network profiles including Google, Facebook and LinkedIn.

CM Security collects users' phone address books through WhatsCall, another app developed by Cheetah Mobile. CM Security has hundreds of millions of identified numbers in its database, reported Factwire.