How Loan Apps Weaponise Your Data to Make You Pay
February 1, 2021Ahmer Raza* doesn’t know who they are, or what they look like. “All I know is that they fucked up my life in every way possible,” Raza, a resident of the southern Indian state of Telangana, told VICE World News.
Raza is one of the millions of Indians who struggled with a cash crunch when the pandemic hit last year. Upon the advice of a friend, he downloaded an instant loan app called True Balance and took a loan of INR 10,000 ($137). All the app asked for was official identification documents and total access to his personal data on his smartphone.
He repaid the first loan and borrowed again. But his salary didn’t come on time and was unable to repay the loan on schedule. The next thing he knew, a loan recovery agent was threatening him with verbal abuses. “The way he spoke emotionally fucked me up,” said Raza, 22, who is now a financial adviser.
Then people in his phone book started receiving WhatsApp messages with a doctored photo of him that said: “Ahmer Raza is a thief, and he has run away with our money.” His contacts also received a link to repay the amount Raza owed. “All my friends and colleagues were contacted. My father found out through this too,” said Raza. “Someone called him, hurled abuses and told him his son is a thief.”
“I felt like I had been stripped naked in front of everyone,” he said.
Raza managed to repay his loan after six months. But his ordeal illustrated the dangerous and unregulated lending practice that has led to abuse, harassment and, in some cases, suicides.
The economic fallouts of the pandemic have only exacerbated a digital lending infrastructure that feeds off the desperation of Indians looking for short-term financial reprieve.
Data shows that over 120 million people lost their jobs in India within a month of COVID-19 lockdown on March 25, while about 40 million Indians were estimated to have slipped into extreme poverty (surviving on $1.9 a day) last year.
At the same time, hundreds of loan apps—mostly illegal—started populating app stores, especially on Google. “We looked at 1,000 loan apps and were able to attribute them to 180 companies, based on the Ministry of Corporate Affairs data,” Suman Kar, the CEO of cybersecurity awareness platform called BanBreach, told VICE World News. One estimate put the number of loan apps on Google Play Store at 700. “Of those, about 120 companies were incorporated in 2020,” Kar said.
Over the last two months, at least six people in their 20s and 30s ended their lives in Telangana state. All of them had been harassed by loan app agents.
In December, the Telangana police received at least 90 complaints regarding loan apps. The police commissioner of Telangana’s Cyberabad area, VC Sajjanar, told the Indian Express that the number of people suffering because of loan apps could be in the thousands.
Unregulated instant loan apps offer easy credit, sometimes within minutes and without the mediation of official regulatory bodies. Their interest rates range anywhere between 18 percent and 50 percent. A major feature of these apps is how they use the personal data of the borrower.
“Most of these apps upload entire contact books, call registry, location information and a lot more when they are installed,” Srikanth L, who is a part of Consumer Collective, which works on tech and data awareness, told VICE World News. “It also has the ability for those behind these apps to track and access storage remotely.”
Balakrishnan Narayanan, head of analytics with one such app, called Early Salary, recently told news outlet MediaNama that they use facial recognition to assess a customer’s “intention to pay a loan back.” Experts flagged it as deeply problematic given the lack of personal data protection laws in India. “All personal digital effects are weaponised against the people by these apps to either force them to pay up, or get into a debt trap,” said Kar.
In December, the Reserve Bank of India (RBI), India’s banking regulator, issued a warning against the “unscrupulous activities” of lending apps. The RBI prohibits all forms of debt-recovery harassment that people like Raza went through. However, experts point to RBI’s regulatory shortcomings as a major factor behind the thriving loan apps.
“Lending apps don’t crop up in a vacuum,” said Kar. “It happens when the borrowers are unaware and there aren’t enough traditional players who want to or can legally lend money to financially unaware customers. Also, when you’re financially stressed, why would you care about access permissions? Very few would understand the implications of this.”
A review of loan apps conducted by Reuters found that at least 10 apps hosted on Google’s Play Store breached the rules on loan repayment terms aimed at protecting vulnerable borrowers. Google dominates India’s app market, as over 98 percent of smartphone users use Android. Last month, Google announced that it removed “hundreds of personal loan apps, based on flags submitted by users and government agencies.”
As the cases escalate, enforcement agencies are cracking down on faceless loan agents and companies. Raza said that he tried to contact True Balance via his lawyer to address the harassment. “Their phones are still switched off, and they didn’t respond to our emails,” he said.
VICE World News tried reaching out to five loan apps via calls and email, but did not get any response.
Srikanth L said that rogue app developers circumvent regulations and laws by setting up shell or ghost companies to move money. These operations take advantage of not just RBI’s shortcomings, but also lack of cybercrime enforcement that can match their massive scale.
In December, a major bust unmasked some of these companies. In the southern Indian city of Hyderabad, an investigation into three suicides linked to loan apps led the police to 75 bank accounts holding INR 423 crores (approximately $58 million), which was obtained through 30 illegal loan apps. Preliminary investigation has revealed 14 million transactions worth nearly INR 21,000 crore ($2.85 billion). Police arrested at least 27 people.
This intricate web includes Chinese nationals who hired proxy Indian directors to run dubious fintech operations, which in turn employed telecallers and recovery agents tasked with threatening loan defaulters. Many of these telecallers, the police say, are college graduates.
“China has a thriving software ecosystem where you can get any source code to create a peer-to-peer lending system,” said Kar. “Some Chinese investors looking to make a quick buck often look at countries that have a large under-served market and lax digital finance regulations.”
Kar added that tracing the origins of these operations is tricky since India is just the end of the supply chain. Payments for these apps, he added, are almost always Indian services, which aren’t the problem. “The problem arises with Chinese third-party services some of these apps use for
analytics, marketing, face recognition, etc,” he said. “These apps send sensitive financial and personal information of hundreds of thousands of Indians to China. It’s a matter of national security.”
Despite the crackdown, cases continue to crop up. A Twitter user recently shared the experience of a woman who attempted suicide when she defaulted on the loan by an app called Udhaar Loan. The recovery agent had allegedly asked for a video call while she was naked.
Susmita Kapoor*, a 29-year-old sales professional from the western Indian city of Mumbai, became a victim of data breach and harassment by mPokket app in November 2020. After repaying them, she told the app representatives that she would approach the police. “They told me, rather arrogantly, ‘You can’t touch us,’” said Kapoor. “It was really weird. They really believed nothing would happen to them, and that’s how they made sure I paid them back.”
*Names changed to protect privacy.
Follow Pallavi Pundir on Twitter.