Cybersecurity firm Kaspersky Lab has warned users off an app which has dominated the Russian mobile app market over the past few days. While ‘GetContact’ might feed one’s curiosity it grants full access to users’ personal data.

The GetContact app advertises itself as a powerful tool to block unwanted incoming calls, even if they are not known to a user. It also urges customers to “help” millions of other users by reporting unwanted calls and create a shield against annoying bots, spam and marketing.

The application has raced to the top of the Russian market in the past few days, largely due to another non-advertised feature it provides. Through GetContact, a user can see how they – or anyone else – are named in the contacts of other users. Russian-language Twitter and other social networks are full of the app’s screengrabs, revealing quite creative and sometimes offensive names. The service, however, does not specify in whose phone the username in question is located.

The app is free and the only thing it needs is the access to the users’ contacts… and the whole smartphone, including camera, stored photos, email addresses and other data, according to its end-user license agreement. This degree of access poses an obvious threat to one’s privacy, the cybersecurity firm has warned.

“By accepting these conditions, you voluntarily leak personal data into the net; not only your own, but also [that of] all your friends and colleagues,” Kaspersky Lab said in an article on Thursday. “The authors of the application claim that they do not sell their base. But they can change their minds at any moment – the end-user agreement provides the possibility of transferring data to third parties, as well as a clause about the user consenting to receive mailings.”

Even if the developers, a small firm registered in London by two Turkish nationals last November, stick to their promises and don’t outright sell their base it might still get leaked or hacked, the cybersecurity firm warned. The app’s website claims it has more than 2.2 billion contacts in its database, and counting. While the figure might be exaggerated, it cannot be very far from reality given the roaring torrent of GetContact downloads, Kaspersky said.

Beyond the obvious embarrassment, leaking the personal information of a user and all his contacts may prove dangerous, Kaspersky said. Users tend to store such sensitive data as bank card numbers and PINs on their phone – unwise practices, which the firm strongly discourages.

There is the option of taking your name from the app’s database on its website; the app is said to delete you within 24-hours. It is also a requirement to delete the program from your phone.

The app seems to be operating on quite shaky legal ground and it has been already banned in some countries, namely Azerbaijan and Kazakhstan. Russian media watchdog Roskomnadzor embarked upon examining the GetContact app on Wednesday. The app will be blocked in Russia if it is found to violate laws protecting personal information.