Information Security 2k18

Recently there was a very significant global disturbance! A crowd rushed to download the virus-infected app called “getContact,” but no one considered that by launching the application, they open up access to very serious personal data. I will now explain why.

How does all of this work?

Once launched, the application uploads a list of your contacts (phone number – full name) to the service's database. The data is stored on the service and is not returned in response to a request for a given phone number until the owner of that number confirms permission to provide their data. What’s interesting is that the user confirms permission to use their data by launching the program for the first time. To put it simply, until you install and run the program, no one can access information regarding your phone number.

If it’s still not clear, the getContact service already has an API for interacting with third-party services, and there is already a Telegram bot called @PhoneToNameBot based on it. To use it, you just need to send a message with a phone number, and it will respond with a list of contacts that have used this foolish application.

Thus, through the Telegram bot, anyone with just a phone number can now obtain a lot of personal information about those who have made the mistake of using the getContact app at least once.

How can you protect yourself from unwanted access to your information?

Fortunately, the getContact service provides an interface for sensible people who don’t want anyone to know more about them than necessary.

  1. Delete your account from getContact in the “settings” section.
  2. Unsubscribe from the service at https://www.getcontact.com/en/unlist