Predatory loan mobile apps grab data, harass users and their contacts

Lookout researchers found nearly 300 Android and iOS apps that lure victims into unfair lending terms, extort excess user data from mobile devices, and then use them to pressure and shame victims into repayment.

foreign apps iOS Android

Aimed at consumers in developing countries – Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda – the apps and their operators are taking advantage of the inability of victim qualify for a traditional loan.

Android and iOS loan apps that lead to harassment

The apps are said to offer “fast, fully digital loan approval with reasonable loan terms. In fact, they take advantage of victims’ desire for quick cash to lure borrowers into predatory loan contracts and demand to grant access to sensitive information such as contacts and SMS messages,” explained Lookout researcher Ruohan Xiong, Rono Dasgupta, and Alina Mambo.

Also Read :  Huawei technology to transform agriculture – CAJ News Africa

“Some users have reported that their loans come with hidden fees, high interest rates and repayment terms that are far less favorable than what is posted on the app store. We also found evidence that the data exfiltrated from devices is sometimes used to pressure a refund, by harassing the customers themselves or their contacts.”

After downloading one of these apps, the user is first asked to share personal and financial information – name, address, employment history, education, and banking information – then to perform identity verification with a video selfie (meaning: they provide also an image of their ID card).

The apps then ask the user to access their contacts, photos and media, and be allowed to make and manage phone calls and send and view SMS messages.

Also Read :  Taiwan willing to offer help to China to deal with Covid-19 surge

“Once the app has exfiltrated the victim’s information and distributed the loan, the collector begins cycles of harassment. Sometimes the loan operator waits until the repayment deadline has passed, but we have seen many complaints indicating that harassment occurs before payment is required,” the researchers noted.

“This is where the unfiltered contact information comes in, where anyone would be contacted, including those who did not include the victim in their loan application. A common tactic is to disclose or threaten to disclose loan debts or other personal information to their contact networks, often including family members or friends.”

Available in official app stores

​​​​The researchers found almost 300 of these apps: 251 on the Google Play Store (with over 15 million collective downloads!) and 35 on the Apple App Store.

Also Read :  Zoho Desk – Redefining The Customer Experience With AI

While both app stores accept personal loan apps, the way the operators of these apps manage the “business” they run defies the stores’ guidelines. Both Apple and Google have removed the apps from their stores.

foreign apps iOS Android

While appstore reviews left by victims should prevent others from using these apps, many were probably too desperate to heed the warning or balk at the apps’ request for permissions too wide. (If the user refuses to give the permissions, the apps don’t allow them to continue.)

“Based on the low review scores of most apps, the operators do not seem to be afraid of getting caught and the reputation of individual apps seems to be disposable. This may be partly a result of looser financial regulations or a lack of enforcement,” the researchers concluded.


Leave a Reply

Your email address will not be published.

Related Articles

Back to top button