Many of these applications advertise across social media platforms to lure customers. They charge ridiculously high interest rates (from 35-65 per cent). They are illegal and are not registered lenders as they are neither connected to banks nor NBFCs.
Investigators reveal that upon downloading these loan apps and applying for a loan, the phone numbers of the borrowers/customers and their family members are instantly shared by the lending firm to their tele-callers and loan agents. The local/international tele-callers follow instructions from heads sitting in Jakarta (Indonesia) who have Chinese bosses. These tele-callers then reach out to the relatives and friends of the borrowers via WhatsApp groups or social media messages.
The most attractive thing about these apps is that the loan amount is instantly transferred to the borrowers’ account upon approval. These mobile applications mandatorily require access to contacts, image and video gallery in the phone. The major documents required are Aadhaar and PAN card images. The security fall back is the access to contacts and gallery.
TECHNICAL DETAILS OF THESE MOBILE APPS
Google Play Store played host to hundreds of such apps that mushroomed as India went into a lockdown. Ever since complaints started flowing, Google has taken actions to curb such apps from being hosted on the Play Store. But these apps continue to change their avatars and exist under different forms and names.
Recently, Google had taken down apps like Ok Cash, Go Cash, Flip Cash, ECash and SnapItLoan. But, creating and hosting such apps is not difficult in a place like Play Store. There needs to be a stricter protocol for fintech and finance-based mobile applications.
Lack of digital and data literacy is the primary reason for all of these. These apps usually target Android phone users between the age of 21 and 40, cyber experts claim.
Most of these apps give iOS platforms a miss, owing to the higher security in the platform when it comes to hosting applications. These applications also get their KYC (know your customer) done via 3rd party companies.
Data is another grave concern about these Chinese-based lending applications. Data of millions of Indians are in the hands of these apps which are in turn controlled by Chinese companies.
Recently, a popular Chinese micro-lending app ‘MoNeed’ was said to have exposed personal details in the form of over 350 million records of Indian users. The data was apparently stored in a Chinese data server. The Cyble reported that more than 150,000 IDs of Indians were leaked on the dark web by a Mandarin-speaking actor.
The information fields include names and phone numbers, type and model of phone, list of apps in the phone, IP addresses, etc. The mobile app also requires a long list of permissions before installation; some even unwanted for a micro-lending app. This is a pattern we have seen across most Chinese applications. The same has been extensively covered before by India Today.
This app, in particular, requires a host of unwanted permissions like connect and disconnect from Wi-Fi, full network access, control vibration, read phone status and identity, modify or delete the contents of your USB storage, directly call phone numbers, precise location (GPS and network-based), modify your contacts, etc.
Moreover, the pandemic has made millions of Indians vulnerable to these loan sharks
MoNeed has denied these allegations and has promised to investigate the «imperfections» in their technology implementations. MoNeed issued a statement stating that it follows all laws and regulations of India.
While the company didn’t acknowledge the data breach, it said that the team has taken suggestions from cybersecurity researchers for «strengthening our firewall and security protection to completely meet the standards and requirements according to the laws and regulations set forth by authorities.»