Phone numbers of stars, public stored on huge searchable databases - BBC

The phone number of British Olympic diver Tom Daley (above) was among numbers found on a database by the BBC.
The phone number of British Olympic diver Tom Daley (above) was among numbers found on a database by the BBC.PHOTO: REUTERS

The cellphone numbers of politicians, celebrities and sports stars, as well as members of the public, are being stored by apps in huge searchable databases, according to a BBC report.

A search by the British broadcaster found the numbers of  former British Prime Minister David Cameron, Labour leader Jeremy Corbyn, Transport Secretary Chris Grayling, the Olympic diver Tom Daley and the music producer Pete Waterman.

However, it is not possible to search for a person's name and obtain their phone number.

These databases have been compiled by phone apps that promise to block spam calls and let people "reverse-look up" calls from numbers they do not recognise.

But it appears many of the names and numbers have been gathered without their owners' knowledge, says the BBC.

The apps, which include Truecaller, and CM Security, ask users to upload their phone's contact lists when they install them. That means they end up with huge databases - one app claims to have two billion numbers while another claims more than a billion.

These can then be searched to connect any number with a name - although you cannot put in a name and get a number.

Searches can be conducted on the app provider's website without even installing the software, said the broadcaster.

The issue has been highlighted by Factwire, an investigative journalism organisation that found the numbers of leading Hong Kong lawmakers had been stored in the systems.

Many numbers appear to be stored in the databases without the knowledge or consent of their owners.

For example, the BBC says it  found the number of the security researcher Rik Ferguson of Trend Micro in the database of Truecaller, which is based in Sweden. He told the BBC he had not installed the app and had not consented to having his number stored.

He described the app as "highly deceptive" and questioned whether it broke data protection regulations.

"Data can only be collected for specific, explicitly stated and legitimate purposes, may not be kept for a longer period than is necessary and crucially only with the explicit and informed consent of the data subject," he said.

There is also concern about the security of the data, says the BBC. In 2013, it says, Truecaller suffered a data breach, admitting that it had fallen victim to a cyber-attack but insisting that no sensitive information had been exposed.

Truecaller told the BBC that it ensured strict protection of user data, which was safely stored in Sweden. The company said it did not share any information with external organisations and in a statement said: "Truecaller is not in violation of the data protection laws in Sweden, nor across the EU as a whole."

The BBC asked the Information Commissioner, Britain's data protection regulator, about Truecaller. The ICO said: "UK data protection law says businesses are required to process data fairly and lawfully. We're asking questions on behalf of UK citizens and are following up with the Swedish authorities."

Security blogger Graham Cluley, whose mobile number is stored by one of the apps, says everyone needs to be more careful about what they share: "If you upload your address book, you're not just putting your own privacy at risk - but the privacy of everybody else in that address book."

Most of the apps mention in their terms and conditions that users should have permission from their contacts before sharing their data.

One of the apps, CM Security, has now halted its reverse-look up function.

All of them say users can opt out if they do not want to have their numbers stored.