GetContact: Find a contact or give your contacts away?

Harmless toy or a way to phish for personal data?

“Hi! Don’t miss out on this limited-time deal…” Many of us could happily live without another one of these calls. Mobile app developers heard the call, and now some offer the ability to see a number’s reputation when receiving a call, some offer information about the company the number belongs to, and some offer to block known telemarketers. The GetContact app has recently gained popularity among such solutions with an interesting take: It identifies numbers using its users’ own contacts.

GetContact has great potential for success. Having installed it, you will know almost every caller by name and picture; the app pulls up the caller’s personal data and photo from its database.

The app also lets users instantly put callers on a telemarketer black list, easily block unwanted calls, and look up contacts by name or number. Want your hot neighbor’s number? Simply look them up on GetContact! Of course, there is a price you have to pay for these perks: It’s access to your contacts — the app wants those names and numbers.

We tested the app on several colleagues who volunteered for the experiment

We tested the app on several colleagues who volunteered for the experiment

Nothing wrong with being curious…

It’s no wonder GetContact is often used in ways not listed in the product description. There’s so much to learn! People all over the world got excited about looking up their numbers to find out what their friends called them, and that started a real epidemic on social media, where users’ feeds are filled with screenshots and jokes referencing the new trend.

Peter Darth Melon

Peter Darth Melon

It gets worse. If the app lets me look myself up, why not look up the numbers of my friends, coworkers, or spouse? This is where users start making unpleasant discoveries. A woman seeing her husband’s number under a female name might suspect him of cheating and get into a big argument. A senior manager of a large company turned up as a “TV salesman” in an old client’s contacts and became an office joke.

Whether it’s in fun or as revenge, the app offers a lot of room for creativity: You can call a person “drug dealer” or “My Baby” — and someone will be sure to ask them for an explanation. But wait, the same can happen to you! To make it worse, the app doesn’t let you track down the person who saved you under this or that name.

Is it real or someone's idea of a joke?

Is it real or someone’s idea of a joke?

Forewarned for your own good

What about privacy, you ask? GetContact’s website contains a confidentiality agreement in accordance with which the user gives the app access to any personal and corporate data, including data stored by other apps and on social media, as well as the right to share this data with third parties — in other words, with anyone.

Among other things, GetContact stores your phone books and contacts, photos, e-mail addresses, IP addresses, and conversation records. By accepting its terms, you sign over your personal data to the app — and your coworkers’ and friends’ data as well.

The complete list of data the app can access is scary

The app’s developers insist that they do not sell their data to anyone. However, they can change their minds at any moment — the user agreement allows them to transfer data to any third party and contains a clause forcing the user agree to receive mass e-mails/messages. Even if that doesn’t happen, the possibility of hacks and data leaks should not be discounted.

Can you stop showing my number?

GetContact developers allow users to take themselves out of the database. To do so, you have to find the Unlist page on the website, enter your number, and send a request. Within 24 hours, the app should stop looking you up in other people’s phone books. However, there is a “but”: This option is available only to those who delete the app from their own devices. If your curiosity gets the better of you and you install the app again, your number will become visible to everyone again.

Is that even legal?

GetContact has been officially outlawed in several countries because of its questionable privacy policy, and it’s under close scrutiny for compliance with personal data and other legislation in others. But these measures are late in coming — the service has already collected several million telephone numbers from users in countries around the world, and it’s unlikely the developers will be interested in deleting them, even if its activities are found to be noncompliant with legislation in this or that jurisdiction. What will GetContact do with all of those contacts? As we said, anything they want.

Google Play’s installations number indicates the counter doesn’t exaggerate

So, what can we do?

You cannot use an app like GetContact and at the same time be guaranteed privacy. For us, privacy outweighs the satisfaction of seeing that you are not listed in someone’s phonebook as “not that guy again.” If you feel the same, here’s a couple of things you can do to avoid setting yourself and your friends up for trouble.

  • When installing a new app, don’t be lazy: Read the user agreement and privacy policy. It’s never a bad thing to know what you’re signing. User agreements seem too long and unreadable? We have a post on how to extract the most important information from EULAs in a few minutes.
  • When giving an app access to data, think for a second: Does the app really need access to that kind of information to work? What will happen if the app shares the data publicly? In some cases, you can deny some permissions and the app will work just fine.

All about Android app permissions

  • Consider removing any sensitive data, such as credit card numbers or PIN codes, from your address book. This story is just one illustration of why you shouldn’t store such information in a place to which lots of apps request access. It’s better to store it in secure places such as notes in Kaspersky Password Manager. That way, they are encrypted and stored securely so that only you can get access to them.