KOCHI: Read this before entering your details on an app that is promising to lend you money. As it turns out, online app-based money lenders are not only cheating people of their savings but also posing a threat to the nation’s security. As more victims of such loan apps come forward, a study on their operation has revealed the risks they pose to national security by spying on the information of Indian citizens.
The study, conducted by Kochi-based cybersecurity firm Technisanct after receiving frequent complaints from the victims, shows that such apps are directly linked to Chinese firms that can easily leak personal details, including banking activities, of a person. “The research by our team showed that the apps were apparently China-based firms’ plans to place India under surveillance and destabilise our financial security,” said Technisanct CEO Nandakishore Harikumar. He said the studies by them and other cybersecurity agencies also showed that the data of the loan apps was saved on the ‘Alibaba cloud server’, a Chinese platform.
“We suspect around 30 to 40 lakh Indians have already fallen prey to the data leak by the apps. Perhaps, a billion Indians have been indirectly affected,” he said. Nandakishore said the auditing of such Chinese money lending apps revealed that they sought users’ permission to access seven to eight sensitive contents on their smartphones.
“The apps ask for permissions like ‘read and write phone contact’, ‘read and write external storage’, ‘read and write SMS’, ‘answer and place calls’, ‘use camera and record audio’ and ‘access geographical locations.’ No other app, made in India or countries other than China, seeks so many permissions,” he said.
Technisanct’s study concluded thus: “The entire blueprint of such services seems to be keenly strategised to create a surveillance network on Indians. By exploiting the financial instability of several Indians, these Chinese networks have misused the financial technology sector while disguised as loan providers. While their operations have not had an immense impact on the pandemic landscape, the next three to four years would witness their deeper intervention into the Indian financial market.”
Technisanct focused on the CashDaddy loan lending app for deeper analysis. During auditing, it was revealed that the app’s package name was ‘Mudracircle.com.Cashdaddy’ and the app was owned by FTEK Consultancy Pvt Ltd. The firm’s directors owned five other agencies, all offering services in the financial sector.
“Our auditing led us to Benefactum Alliance Fintech Pvt Ltd and its Chinese Director Du Xuezhen, who claimed to have resigned in December 2020. Benefactum’s email ID is firstname.lastname@example.org. ‘cnisum.com’ is not a public domain. Benefactum is a major company in peer-to-peer lending in China. Though highly funded, it is monitored by cyber agencies across the globe,” Nandakishore said.
Ignorance isn’t bliss
Technisanct CEO Nandakishore Harikumar said government agencies in India, including in Kerala, are yet to realise the threat of such loan apps. “While Andhra Pradesh and Telangana have launched a crackdown as they have anti-gambling laws in place, no other state is taking serious steps against the threat,” he said. An official with the Kerala Police’s Hi-tech Cell said, “As most of these apps have offices in Bengaluru, Mumbai and Hyderabad, we will coordinate with police agencies there. Such fraudulent apps do not have offices in Kerala. We are also coordinating with other cyber experts to receive more information about these firms. Several agencies are operating under fake NBFC licences.”