There are some free applications available on google play and app store which provide free calls over internet to users. Anyone having a mobile phone can download this application for free and make free calls.
An application called “Call India – IntCall” provides the same service, and this application is available on google play as well as app store. Now, you might be thinking, what’s strange in that. But this application has a very serious and dangerous flaw in it.
Application Does Not Require Any User Authentication Permission
A person can simply download this application from google play store or app store, after downloaded we can see that the application asks for registeration, in which we can simply register by entering the phone number. Here, the biggest flaw exists. As this aplication does not require any user permission, a person can enter any 10 digit mobile number and got registered successfully without entering any OTP or any verification code.
This can be used to make fraud calls to anyone, as one can use any valid or invalid number to call someone without getting caught.
The strange thing is that the application is still not reported by anyone and available on internet.
The application developers should implement OTP based authentication or any other type of user verification which verifies that the user is genuine.