Messaging and video calling app JustTalk, widely used in Asia, claims to be encrypted and secure. However, a large cache of internal data discovered by security researcher Anurag Sen tells a different story, TechCrunch alleges.
JustTalk claims to use end-to-end encryption technology, meaning only the sender and recipient can view messages sent. On its website, it claims that “only you and the person you communicate with can see, read or listen to them: Even the JusTalk team won’t access your data!”
The messaging app has 20 million users globally and its kid-friendly app, JustTalk Kids, has 1 million downloads on Google Play.
The data discovered by Sen allegedly shows that the apps are not end-to-end encrypted. The data includes millions of messages, the time the messages were sent, and the phone numbers of both the recipient and sender. The data cache also has records of calls made using the app.
The data also includes the granular locations of thousands of users, most of them in mainland China, India, the UK, the United States, Saudi Arabia, India, and Thailand.
There were also records from JustTalk 2nd Phone Number, an app that allows users to generate virtual and ephemeral phone numbers to avoid sharing their actual phone numbers. The records show both the actual numbers and the virtual numbers.
Sen shared the data with TechCrunch, asking for help contacting the company. However, efforts to contact the company and the app’s founder Leo Lv, and other executives were unsuccessful.