Update | Cheetah halts ‘reverse look-up’ feature on CM Security app to address privacy concern
The feature enables billions of mobile phone numbers, including those of Chief Executive Leung Chun-ying and 60 lawmakers, to be identified simply by typing them into a database
Cheetah Mobile Inc., one of the three software developers whose free call-blocking applications are making customers’ phone numbers publicly traceable, said it will halt its “reverse look-up” function on its CM Security application to address privacy concerns.
The feature, which enables billions of mobile phone numbers to be identified simply by typing them into a database, is contributed “from users’ feedback and directories uploaded with users’ approval,” the Beijing-based company said in an emailed statement. “The feature was designed for users to proactively report phone fraud and phone scam, at the same time, avoid unwanted calls.”
Billions of mobile phone numbers -- including those of Hong Kong Chief Executive Leung Chun-ying and more than 60 Legislative Council lawmakers -- were found to be publicly traceable by Factwire over the weekend.
Users of CM Security, Truecaller and Sync.ME can trace the names of billions of number holders by typing their digits into a “reverse look-up” feature, but the search cannot succeed simply by inputting a user’s name.
“While our intention is to maximise call identification function, it’s unfortunate that this was misused,” Cheetah said in its statement. “We apologise for any inconvenience we may have caused for some users after the temporary closure of reverse look-up feature.”
CM Security is one of Cheetah’s most popular utility applications. Cheetah, which has over 600 million Android and iOS users globally, also produce Clean Master, an app that boosts smartphone performance, and Battery Doctor, an app to optimise and monitor smartphone battery life.
The majority of CM Security users download the Android version of the app, Cheetah said, declining to offer a more specific breakdown of its user numbers.
Cheetah Mobile is a subsidiary of Hong Kong-listed Chinese software company Kingsoft Corp. Lei Jun, founder and chief executive officer of smartphone maker Xiaomi, is chairman of both Kingsoft and Cheetah.
The other two applications which also offer “reverse look-up” features on their applications, Sync.ME and Truecaller, did not respond to queries by the South China Morning Post.
Truecaller is developed by Swedish company True Software Scandinavia AB, while Sync.ME is an Israeli start-up.
Truecaller has over 100 million users, the company claimed, while Sync.ME said that it has over 1 billion numbers stored in its database.
Users of these call-blocking applications typically must agree to share their contact lists with the developer when they download and use their products.
However, users rarely read through the agreements’ fine print or their privacy policies before clicking on the button to ‘Accept’ the terms of service, said Stuart Hargreaves, assistant professor at Chinese University’s faculty of law.
Hong Kong’s privacy commissioner Stephen Wong Kai-yi said on Monday that his office had contacted overseas privacy protection authorities to follow up on the issue.
In a statement, the commissioner also advised those who had downloaded and were using the smartphone apps to approach their developers and ask them to remove the personal data that had been collected.
