Predatory lending mobile apps take data, harass users and their contacts

Lookout researchers have uncovered nearly 300 Android and iOS apps that trick victims into getting unfair loan terms, extract excessive data from mobile device users, and then use it to pressure and shame victims into paying up. .

Aimed at consumers in developing countries (Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda), the apps and their operators take advantage of victims’ inability to qualify for a traditional loan.

Android and iOS lending apps that lead to harassment

The apps “supposedly offer fast, all-digital loan approvals with reasonable loan terms. In reality, they exploit victims’ desire for quick cash to trap borrowers in predatory lending contracts and require them to grant access to sensitive information such as contacts and SMS messages,” said Lookout researchers Ruohan Xiong, Rono Dasgupta. and Alina Mambo.

“Several users have reported that their loans come with hidden fees, high interest rates, and repayment terms that are much less favorable than what is advertised on app stores. We also found evidence that data extracted from devices is sometimes used to pressure payment, either by harassing customers themselves or their contacts.”

After downloading one of these apps, the user is first asked to share personal and financial information (name, address, employment history, education, and banking information) and then to perform an identity verification with a video selfie (meaning also provide a picture). of your identity card).

The apps then ask the user to access their contacts, photos, and media, and to be allowed to make and manage phone calls, and send and view SMS messages.

“Once the app extracts the victim’s information and distributes the loan, the collector begins cycles of harassment. Sometimes the loan servicer would wait until the payment deadline has passed, but we have seen many complaints that harassment occurs before payment is required,” the researchers noted.

“This is where the exfiltrated contact information comes in, where anyone, including those the victim did not include in their loan application, would be contacted. A common tactic is to disclose or threaten to disclose a borrower’s debt or other personal information to their networks of contacts, which often include family or friends.

Found in official app stores

The researchers found almost 300 of these apps: 251 in the Google Play store (with over 15 million collective downloads!) and 35 in the Apple App Store.

While both app stores accept personal loan apps, the way the operators of these apps run the “business” means they don’t comply with the stores’ guidelines. Both Apple and Google have now removed the apps from their store.

borrowing apps android ios

While app store reviews left behind by victims should have prevented others from using these apps, many were likely too desperate to heed the warning or resist asking apps for too broad permissions. (If the user refuses to grant the permissions, the apps don’t let them continue.)

“Based on the low review scores of most apps, loan officers don’t seem afraid of getting caught and view the reputation of individual apps as throwaway. This may be partly the result of looser financial regulations or a lack of compliance,” the researchers concluded.

Leave a Comment