The dangerous GetContact application and why it does not need to install

In late February, users of social networks began to massively upload screenshots of the application GetContact. One of its functions allows you to see how the recorded telephone numbers from other users. To do this, you must have an account and grant the application access to personal data.

What it is

edition VC.ru notedThat the first mention of the application appeared in December 2017. Surge in popularity came in the February 2018. Most GetContact interested in Armenia, Azerbaijan, Kazakhstan and Kyrgyzstan.

In addition, on February 8 GetContact app topped the rating of the Russian App Store, and February 26 took first place among free applications downloaded.

The app was developed by Getcontact LLP. According TheGazette English website, it has been registered at the end of November 2017. However, the official website It stated that the company has been operating since 2015.

Twitter users and other social networks to actively share their feelings about how they are written from friends and acquaintances.

Other ironic joke about the voluntary discharge of their data.

The rest of the fair outraged negligent attitude to the protection of personal information.

In February, the application to the blocked area Azerbaijan and Kazakhstan due to violations of the law "On personal data and protect them."

After blocking in Kazakhstan developers Codebusters released a similar app called GetContact_. By words Murat Alikhanov, the app downloaded so many users that Codebusters company can earn about 1000 dollars a day.

yesterday Roskomnadzor announced the beginning GetContact check for violations of the law on personal data.

Once the do not call GetContact app: and app-spy, and "destroyer of lives."

The danger of it is that this app is not just to access the phone book of the user. All contacts from her fall into a common base. And then theoretically it can become affordable to almost everyone. Guarantees that flooded into the contacts do not take advantage of foreign, there is no network. Who, how and when will get the phone number of a certain, impossible to predict.

In addition, telephone number and details of the person enter the network without his knowledge or permission. If you give a man my number, it does not mean that he wants you to this number gave no one knows where and who knows whom.

It's one thing when the downloaded application is requesting permission to access your contacts on the device (for example, banking applications, such as "Sberbank Online"). It's quite another when these contacts are entered into a database.

Most users install this application to "pinned", "learn something new." They do not think about the consequences. In my opinion, it violates the law on protection of personal data, and Roskomnadzor knowingly validates it. Most likely, it was banned in Russia as well as the already banned in Kazakhstan and Azerbaijan.

How it works

The user registers an account and gives the application access to the phone book, so it fills up a shared database. This is to ensure that an application could identify an incoming call from a caller, even if the number is not in your contact list. The anti-virus expert "Kaspersky Lab" Victor Chebyshev Layfhakeru told that such applications are beneficial primarily to fraudsters, which is not difficult to learn everything about you.

The potential danger of this application lies in the fact that anyone who wants an opportunity to match the name of the phone number / name and other information about its owner. Using such data, telephone crooks can perform more precise and effective attack using social engineering.

Also, if you do not know about the existence of this application and want to have your phone number to remain known only to a narrow circle of people, then this app can indirectly violate your rights.

Alas, it is not to protect against this is 100% possible, even if you follow all the safety rules. In this case, the telephone number can be in the public domain because of the other people who use GetContact, because it is impossible to vouch for all subscribers of the telephone book.

As far as the application is dangerous

If the search drive number, the application will show the subscriber is recorded from other users. And it can be checked not only themselves, but also to any other person, whose data is in the database. Many users are worried, because personal information falling into the wrong hands, without their consent.

Roskomnadzor has He warned users about the dangers of these applications on his page "VKontakte".

• You hereby gives access to all personal information.
• The phonebook credit card numbers can be recorded, PIN codes, passwords for private offices, and all these data will fall into the public access.
• Developers can sell the database to third parties: collectors, crooks and importunate financial brokers.

Vojtech barrels, Senior Software Engineer Company of Avast, recommends users to pay attention to the terms of use. Developers can transmit information about you to third parties, not to mention the database hacking.

Even putting aside the potential hacks and exploits, the combination of the type of data collected and stores GetContact, and privacy policies should alert potential users application.

The application downloads all the user's contact list on GetContact servers, including the phone numbers of people who have not consented to the transfer of their contacts. For example, WhatsApp shows users which of their phone book also uses this application, however, WhatsApp does not keep a list of all contacts.

According to the policy GetContact privacy, the application can share all information that is collected, "with any third party." The fact that GetContact can transfer all this information, it is very alarming.

If GetContact shares this information with third parties, it can probably be distributed to advertisers, which is quite ironic given the stated purpose of the application. It needs to be user data to provide functionality that promises its users. If the application requests too many solutions, you should consider whether they need to use.

Some application developers are trying to gather as much information about their users, to sell their information on underground forums for promotional messaging and other profitable schemes. Others may use the information they collect to sell information for targeted advertising.

Even if the database does not fall into the hands of advertisers, or cybercrime, they are still attractive to hackers who can hack into the servers on which they are stored. In 2013 TrueCaller database, a similar application was hacked Syrian electronic army.

Imagine. You will share your telephone number with loved ones. A call and write you begin to completely unknown people. And the calls and messages of various kinds have simply overwhelmed: this promotional offers and spam, and just some crazy. This development is quite possible, if GetContact application will get mass distribution.

The common base does not just contacts from the phonebook, but also photos of subscribers. According to the information on Google Play, the authors promise to give all the information and a photo of the caller, even if the phone is not in the address book of the subscriber. Is not that the best confirmation of the fact that personal data which are protected by legislation, subject to illegally?

Who gets information about you, how it will take advantage of - the answers to these questions. It is likely that dispose of personal data of users in their criminal purposes can and fraudsters. After all, some people as contacts in the phonebook record passwords and PIN codes, including their credit and payroll cards.

Now everyone's lips with collectors problems. This application is for them just a gift, because with its help to find the necessary number of "client" it is not difficult.

---

GetContact may share any personal or corporate information with third parties, send emails, SMS, or perform other marketing activities that are permitted by law. GetContact may collect information about users through other applications and use it for their own purposes.

When you accept the terms of use, developers get all your data:

• phone book;
• accounts of social networking;
• Photo;
• e-mail address;
• IP-address;
• recording phone calls.

CEO "Oblakoteka" Maxim Layfhakeru Zakharenko said that an interesting situation from the point of view of information security.

First, the owner of the phone book provides the systematization and storage of personal data of the contacts, ie the de facto operator of personal data (152-FL It applies to individuals) with all the attendant control (including a minimum of obtaining consent contact to use), but the practice of 152-FZ to the usual physical persons (users who have a smart phone) I do not I know.

The second problem is that the ordering and processing of contact details of all phone books is carried out the Russian Federation, which violates the law in a different part of the necessary primary actualization of personal data within the territory Russian Federation.

But the main problem is that by default, the user is considered to be reasonable. That is, if he consciously agrees that his data will be transferred to the telephone book in cloud and will be used by some application, it is assumed that he is aware of the consequences of this actions. In fact, this is absolutely not true, in fact, no ordinary user can not even imagine where can get the data and how they can be used. In addition, no one comes to mind, that is not even his personal data and the data of other subjects - it contacts.

How to remove your number from the database GetContact

Remove your number from the database can be on the official website of the application. To do this:

• open the app and delete the account in the "About GetContact» section;
• on website enter a phone number and press Unlist.

Within 24 hours, the number must be removed from the database. However, it does not help if your friend is download the app and register an account.