Security News > 2022 > December > Predatory loan mobile apps grab data, harass users and their contacts

Lookout researchers have discovered nearly 300 Android and iOS apps that trick victims into unfair loan terms, exfiltrate excessive user data from mobile devices, and then use it to pressure and shame the victims for repayment.

Aimed at consumers in developing countries - Colombia, India, Indonesia, Kenya, Mexico, Nigeria, the Philippines, Thailand, and Uganda - the apps and their operators are taking advantage of victims' inability to qualify for a traditional loan.

The apps "Purportedly offer quick, fully-digital loan approvals with reasonable loan terms. In reality, they exploit victims' desire for quick cash to ensnare borrowers into predatory loan contracts and require them to grant access to sensitive information such as contacts and SMS messages," Lookout researchers Ruohan Xiong, Rono Dasgupta, and Alina Mambo explained.

"A number of users have reported that their loans come with hidden fees, high interest rates, and repayment terms that are much less favorable than what is posted on the app stores. We also found evidence that the data exfiltrated from devices are sometimes used to pressure for repayment, either by harassing the customers themselves or their contacts."

"Once the victim's information is exfiltrated by the app and the loan is distributed, the collector then begins cycles of harassment. Sometimes the loan operator would wait until the repayment deadline has passed, but we've seen many complaints indicating that harassment occurs before payment is required," the researchers noted.

"Based on the low review scores of most of the apps, the loan operators don't seem to be afraid of getting caught and find the reputation of the individual apps to be disposable. This may partially be the result of looser financial regulations or lack of enforcement," the researchers concluded.

News URL

https://www.helpnetsecurity.com/2022/12/01/predatory-loan-apps-android-ios/