Loan apps steal data from mobile phones and use the information as pressure to get private individuals to pay. Hundreds of risky apps could be downloaded from Apple’s App Store and Google Play. This is according to a new report from the IT security company Lookout.
Lookout has identified nearly 300 fake and dangerous loan apps on Google Play and the App Store. The apps are mainly aimed at private individuals in Africa and Southeast Asia, but are also available in other countries. The apps claim to offer quick loans with seemingly normal terms, but in reality they exploit the victims’ need for money to trick them into unfair contracts. In connection with the application, they require access to sensitive information on the customers’ devices – information that is not normally required for a loan application. This could, for example, be about the mobile phone’s contacts, call history, pictures and SMS messages.
In addition to strange requests for unwarranted information, many of the lenders exhibit fraudulent behavior. Among other things, victims have reported that the loans had hidden fees, high interest rates and worse repayment terms than what was presented in the app stores. Lookout also found evidence that users’ data was sometimes used to pressure customers into payments. A common tactic was to threaten to expose a borrower’s debt or disseminate personal information to the individual’s network of contacts.
In total, Lookout’s researchers discovered 251 Android apps in Google Play with more than 15 million downloads. The team also identified 35 apps on Apple’s App Store that were among the 100 most popular financial apps in their regional stores. Lookout has been in contact with Google and Apple respectively, and at the time of publication, neither app is available for download.
“Mobile apps simplify everyday life in many ways and are a convenient way to interact with companies – for example, lenders. But when entrusting an app with personal information, it is extremely important to stop and ask yourself if the information requested is relevant and if the business behind the app is legitimate,” said Ruohan Xiong, senior researcher at Lookout. “As we can see with the scam apps we discovered, app permissions can be easily abused if users aren’t careful. Although it is likely to involve dozens of actors acting independently of each other, the apps have a very similar business model. It is about deceiving victims into unfair loan terms and then forcing payment.”
Lookout’s Mobile Endpoint Security and Personal Digital Safety services protect against these and similar threats. Although the apps are no longer available in app stores, Lookout advises consumers to exercise caution when engaging financial institutions through apps.