the home of online investigations

Using Phone Contact Book Apps For Digital Research

April 8, 2019

By Aric Toler

Translations: Русский

Popular apps such as TrueCaller or GetContact advertise the ability to see who is really calling you, even if you do not know the number, and alert the app user of spam or scam calls. However, the way that these apps gather information to determine the name of an unknown caller is not as broadly advertised.

With many of these apps, this information comes as the result of vacuuming up the contact books of its users, then cross-referencing the data with other instances of the same number being used as well as with Facebook profiles that list a number.

Most of these apps are smart enough to figure out that “Mom” or “Dad” is not a useful name to display for an incoming unknown number, but will often refer to the literal name given in a contact book, which can be incomplete, derogatory, or mnemonic. For example, a 2014 article about the now-discontinued app Noknok describes how many women are labeled by insulting names, and one woman found herself on the site listed as “Ness booty call 2.”

Other phone contact books may provide more information about an individual’s background, such as in a New York Times investigation into the killing of Jamal Khashoggi that used one of these apps to reveal key information:

A fourth suspect traveled with a passport bearing the name of another member of the royal guard, Muhammed Saad Alzahrani. A search of the name in Menom3ay, an app popular in Saudi Arabia that allows users to see the names other users have associated with certain phone numbers, identified him as a member of the royal guard. A guard wearing a name tag with that name appears in a video from 2017 standing next to Prince Mohammed.

We have used these apps in our investigations as well, including in the identification of a GRU officer linked to the downing of MH17, Oleg Ivannikov. Two phone numbers we knew to be associated with this man revealed his cover identity used in Ukraine (“Andrei Ivanovich”), while another number revealed his birth name used in Russia, Ivannikov.

Using information saved through phone contact book apps is an oft-neglected resource in digital investigations, largely due to the sheer number of these apps and their invasive privacy policies.

Additionally, the vast majority of the apps in question require a phone to use them, while lacking an accessible web version of their database, making research more cumbersome. This guide will detail how to use these apps in a relatively safe context — either through an Android virtual machine or on a “burner phone” not connected to a researcher’s actual email accounts or phone number.

Getting Your Research Device Ready

To set up an emulated Android phone for your PC — in other words, a program that you run on your computer that pretends to be a phone — see this guide I wrote for instructions on using Genymotion. You can also use Bluestacks or other Android emulators, some of which have iOS versions. Not all of these contact book apps will work on an Android emulator, but most will. If you use one of these Android emulators and aren’t worried about using a real phone or phone number, feel free to skip this section.

My preferred method for researching is to use an unlocked “burner phone” — in my case, an old, dirty, cracked Nexus 5X that I haven’t used since I upgraded to a new phone in 2016. I gave the phone a factory reboot and linked it to a Gmail account created specifically for research, and without any SIM card or attached phone number. From there, via a Wifi connection, I installed a number of apps that are useful for research that I cannot necessarily do on my PC.

Some of these contact book apps require an actual phone number to do SMS verification. Many people find found success using a Google Voice number or other service to generate a phone number just for this purpose. While this will work for some sites, many platforms — namely Facebook — will recognize that a number is not “genuine” (i.e. connected to a service like Google Voice instead of a real SIM card), and will not let this number be used for verification.

I would strongly advise against using your actual phone number for this, let alone using your real phone, so I bought a SIM card through Tracfone’s website along with $20 of minutes from a nearby Dollar General. I was able to use this new SIM card/phone number with my Nexus 5X because it isn’t linked to any specific phone carrier — you may need to purchase a new phone if your old one isn’t unlocked (you can do this for as little as $20 via Tracfone or another pre-paid wireless carrier). Consult this US-focused guide created by the NoContract subreddit for more information on various phone options without a monthly contract.

At many airports, you can buy a SIM card at a machine or kiosk with pre-paid minutes. While I have not tested these out for SMS verification purposes, it is worth a try next time you are traveling and see a cheap SIM card sold in your terminal.

If you are in the United States, you can buy a Tracfone SIM card for a dollar and free shipping (at the time of publishing this article). If you are based outside of the United States and cannot buy a cheap SIM card with pre-paid minutes, or are concerned with very sensitive privacy issues, this method is not for you. In this case, you should consult other resources online for anonymously acquiring a phone number that cannot be linked back to you via credit card or telecom data. As you can see in the screenshot below, I bought the Tracfone SIM card with my personal credit card, and I did the same for the Tracfone minutes. I am not very concerned with issues of privacy around this phone, but if I were, I obviously would not go this route.

Using this cracked phone too much would take a toll on my fingers, and I already prefer to do as much research as possible on my actual PC, so I use a phone mirroring program to control this phone from my computer. There are a lot of options — some free, some paid — to do this, but I use Apowermirror (free and paid versions).

I have also had success with Airdroid (free and paid) and Microsoft Remote Desktop (free). If you want to control your phone through your PC or Mac’s mouse and keyboard, it’s best to plug in your device via USB. Device settings will differ depending on your application, but most will require you to turn on USB debugging mode (if you don’t know how to do this, add your phone model to this search). Once it’s all set up, this is what your application should look like (if it’s Apowermirror): your phone’s display, perhaps with a few extra options in the application’s interface, and the ability to use your PC’s mouse and keyboard as an input device (via the mirroring application).

 

Phone Contact Book Apps

There are dozens of phone contact books apps available on iOS and Android, ranging from ones that are popular all over the world (GetContact, TrueCaller) to others that are only popular in particular countries or regions. This guide will not detail every one of these apps, but will look at about a dozen of the more popular ones from the Google Play Store and detail the requirements, pros/cons, and capabilities for each of them. If you know of a popular contact book app that is not included in this guide, please note the app in the comments so we can add a section about it.

In each of these summaries, a few reference numbers are used to find results: my own phone number, the number of a London colleague, the support number for Verizon Wireless, the publicly-released cell phone number of Donald Trump, and the phone number of Russian commander/separatist Aleksandr Borodai. For the apps not focused on American users, I found public numbers that would likely be in contact books, such as public service hotlines, to see how the app gathered and published information. Obviously, this is an extremely small sample size, but it’s best to test out phone numbers relevant to your own research area to see which app is most effective.

Most of these apps require you to agree to extremely invasive privacy policies and permissions. Because we are using either a fake (emulated) phone or a “burner” phone not linked to our actual identities, feel free to accept most all of these, as it is always possible to run a factory reset on the device if the apps create any problems. If you install even half of these apps, you will have a half-dozen apps hogging your phone’s memory running in the background, and if you ever make an actual call or receive a call on this device, it will cause all of the apps to simultaneously come to life to tell you about the phone number — so, needless to say, don’t use this device for actual phone calls.

The following contact book apps are detailed in this guide, in order: GetContact, TrueCaller, CallApp, Hiya, Dalily, Tellows, Eyecon, Viewcaller, Showcaller, Whoscall. There are dozens of other contact book apps not included in this post, but they operate under roughly the same parameters as the ones detailed below.

GetContact

Requirements: SMS verification, email address

Free? Free!

Contact details: Lists one possible name, no user comments available

Success rate: 1/5 (found Borodai’s number, and every other Russian and Ukrainian number I tried to search, but was not able to even attempt to search any +1 or +44 numbers)

GetContact is one of the best, if not the best, contact book apps, despite the fact that it does not work or is banned in many countries. Most phone numbers in Russia and Ukraine, for example, will return back associated names. However, in the United States and United Kingdom (among other countries), GetContact does not even allow you to try and search numbers, likely due to legal or privacy restrictions.

You must be able to verify an SMS message to use GetContact, meaning that you should use a phone number associated with a research-only or burner phone to activate your account. I have not tried to use Google Voice or other services to try and authenticate GetContact.

 

While GetContact is very limited in the number of countries it will provide information for, it has a lot of information for numbers it is able to search. For example, I tried searching every number from the phone logs published by the parents of the American man who disappeared while trying to travel to eastern Ukraine. Almost every number with a Russian or Ukrainian code brought back a result on GetContact, showing how wide reaching its user base is in the region.

GetContact has a web version, but I was not able to get it to work from my phone.

TrueCaller

Requirements: Either Google (Gmail) or a Microsoft Live account

Free? Free!

Contact details: Only lists one possible name. Provides tags to describe number (business, personal, spam, etc.)

Success rate: 4/5 (didn’t recognize London colleague)

This is one of the only apps that does not require a mobile device to access their database of numbers. Go to truecaller.com in an incognito or private window, and from there, log into your research/non-personal Gmail or Microsoft Live account to search for numbers on your browser. In most countries, you can create a Gmail account in 30 seconds from the login screen, with the only required information being a username, password, first/last name, date of birth, and gender (no phone number or recovery email required).

After signing in, just search for a number for results — no paywall or SMS verification required.

CallApp

Requirements: Google/Gmail account, Facebook account, or SMS verification

Free? Free!

Contact details: Lists comments from users about number, gives a reliability score to number, shows how often the number was searched

Success rate: 3.5/5 (Verizon, Trump, London colleague, possibly incorrect with Borodai)

This app allows you to sign in through a few different methods — a Facebook account, Google (Gmail) account, or through SMS verification — and also heavily incorporates Facebook results to build its user database.

CallApp is complemented by a number of social features, including additional contact book details that many other apps don’t include, such as an email address. That said, with the three hits of the five options we tested, the Verizon support number showed some inaccurate information pulled from some user’s contact book and the Trump number listed a New Zealand address. The result for the London-based colleague were correct. Additionally, the Borodai search brought back a false hit for a man named “Alexsander Firsov,” though it’s possible that Borodai’s old number is now being used by someone else.

Hiya / Mr Number

Requirements: $$$

Free? Subscription required

Contact details: n/a

Success rate: n/a

Hiya is ran by the same company as Mr Number, with Hiya focused more on reverse phone lookup, and Mr Number specializing in spam notification and call blocking. However, these services require a paid subscription ($1.25/month) to access their database, so we did not go any further in testing the app.

 

Dalily

Requirements: None

Free? Free!

Contact details: Can search by either name or number, and also will provide all contact book information (email, etc), not just name and number

Success rate: n/a

Unlike other apps detailed in this guide, Dalily only features Arabic-speaking countries and has no use for any person outside of the Middle East or North Africa. All of the countries included in this app are seen below, along with Yemen (the very last entry).

An example of the information provided by Dalily can be seen below, with the contact book entry for the Saudi National Water Company.

 

Tellows

Requirements: None

Free? Free!

Contact details: Provides a score to the number, related to spam/scam calls. Will list user-submitted comments on each number as well. Will show the number of times that a number has been searched for

Success rate: 1/5 (Only recognized Verizon)

With no required accounts or phone numbers, Tellows is very easy to use and has some of the more interesting features of any contact book app. As seen below, Tellows will provide user-submitted comments for a number, but will also show how many times a number has been searched by Tellows users.

 

Eyecon

Requirements: Valid phone number for SMS verification

Free? Free!

Contact details: Photograph and one name for the contact

Success rate: 2/5 (Only found Trump and Verizon)

You need to have a valid phone number that can receive an SMS message to use Eyecon, but no email or social media accounts are necessary. After this, the app will ask for a name to use, but this obviously does not have to be your real identity.

To search for a number, you need to select the “Unknown” option on the top-right of the main search page. From there, type in the number that you want to search, then select “Search”. Both of these options are highlighted in yellow below.

This app could not find any of the non-U.S. numbers I searched, showing that it is quite geographically limited in its results.

 

Viewcaller

Requirements: None

Free? Free!

Contact details: Only one name, very basic details

Success rate: 2/5 (Verizon, Trump)

One of the most bare-bones apps in this post, Viewcaller does not require any sort of authentication or login, and only gives one name for a number. The app does not provide any additional details.

 

Showcaller

Requirements: None

Free? Free!

Contact details: Only one name listed, comments can be submitted by users.

Success rate: 1/5 (Only recognized Verizon)

This app is very easy to use and does not have many requirements (e.g. no SMS verification, email, etc.), but also has a small database of phone numbers to work with. The only phone number of the five tested that had a return was for the Verizon Wireless support number, but it incorrectly identified its origin as Russia. A later search showed its location as Kentucky, reflecting how this app only allows one detail per number that will overlap from multiple users’ input.

 

Whoscall

Requirements: Facebook or Google (Gmail) account

Free? Free!

Contact details: Provides main name and multiple suggestions of alternate names used in users’ contact books, sometimes provides address and other contact book details

Success rate: 1.5/5 (Recognized Verizon, had a joke Trump entry)

Whoscall requires either a Facebook or Gmail account, but these can be dummy accounts set up just to use for this app. Searching for numbers on it is a bit less intuitive as you would expect — you need to select the Keypad tab (second from the left in the bottom row of the app), type in the number you want to search, then click the auto-populated entry that will come up. In an interesting feature, Whoscall will provide a primary name for the number, but will also list other possibilities taken from users’ contact book apps under “Community Report.”

 

Conclusion

Using contact book apps is an underutilized practice in digital research, but for good reason — most researchers will need to have an extra phone number, spare Gmail and Facebook accounts, and a lot of patience to really use these resources to their fullest potential.

These apps have, and will continue to, come under fire by security researchers due to their extremely broad and deceptive information gathering practices. Kaspersky Labs’ Leonid Grustniy provided a basic overview of GetContact’s business model and dangers last year, for those curious about the broader security implications of these apps. Within this Kaspersky post is a screenshot of the GetContact app permissions, which seems like a self-parody:

Often with open source research, we look for self-published information about particular subjects, such as that which can be gleaned through business registration documents and social media profiles. However, with hundreds of thousands of mobile apps collecting private data from their users, open source research will continue to be able to gather information from these caches of data either due to the information being public (as with these apps) or being unintentionally leaked.

This trend will lead to plenty of ethical dilemmas about what information should and should not be scraped for research, and instances of even careful, security-conscious individuals having their personal information visible online — this danger will be particularly obvious to those of you who find your personal phone number attached to your name on TrueCaller or GetContact, despite never using those apps yourself.

 

Addition: @RanLocar noted that some contact book apps could be vulnerable to leaks regarding users’ GPS data, highlighting how you may consider using a VPN or GPS spoofing service through your phone (emulated or physical) when accessing these apps if you are particularly security-conscious.

Aric Toler

Aric Toler started volunteering for Bellingcat in 2014 and has been on staff since 2015. He currently heads up Bellingcat's training efforts and its Eastern Europe/Eurasia research.

Join the Bellingcat Mailing List:

Enter your email address to receive a weekly digest of Bellingcat posts, links to open source research articles, and more.

Support Bellingcat

You can support the work of Bellingcat by donating through the below link:

8 Comments

  1. Ran Locar

    Also, disable location services when you’re at it. Some of these apps will send home your GPS location when you’re using them.
    If Mr. Evil gains access to their logs, they will immediately know where to look for you, or at least become aware they are being searched from your location

    Reply
  2. Claudio

    May I suggest to include sync.me in this list?
    I used it in many investigations and most of the time it worked (Italian numbers)

    Reply
  3. Timo

    May I add that Whitepages also works surprisingly well at least in the US.
    The have the extra feature of not just being able to investigate by having a phone number but also being able to get the phone number, address etc. and also names of family members having the name of the person you are looking for. If you pay some money (for those concerned about their privacy consider using prepaid anonymous credit cards if available in your region) this information gets even more extensive.

    True caller does not know that many numbers especially when the person f interest is not a person of public interest. Depending on where you live sites like Whitepages can also be run by the government and therefore only contributing checked information.

    Reply
  4. Zeta

    For US look into CNAM databases or a KYC api that pulls live data direct from the carrier. Those are better ways compared to public records and marketing data.

    Reply
  5. Peter

    When travelling I’ve found that even in countries where you are supposed to provide ID when buying a local SIM card, Internet cafes and phone shops in areas popular with immigrants/refugees often sell them, no questions asked. Where I had to register the SIM card online, giving a local address, I simply used the address of a large block of flats.

    I discovered this by accident because, travelling on a budget, I frequently find good, inexpensive and friendly hotels in those “undesirable” neighbourhoods.

    Reply
  6. Rutherford

    Great stuff. Love this article too. Liking Bellingcat a WHOLE bunch! New Contributer; likely.

    Reply
  7. Tom

    I definitely agree with the points you make in this article. Call tracking apps are so convenient but often we forget the risks of allowing so much access to our data. For everyday usage I have the tellows app – I find that out of all the apps available it is much more responsible with personal data

    Reply

Leave a Reply

  • (will not be published)