The surge in the popularity of loan apps in Pakistan has not been without controversy. Recent crackdowns by the Federal Investigation Agency (FIA) and Google’s stricter policies, in collaboration with the Securities and Exchange Commission of Pakistan (SECP), have raised concerns over these apps’ dubious data collection practices. Many of these apps, including some registered with the SECP, request suspiciously extensive permissions, leading to worries about the potential misuse of users’ private data.
Dubious Collection of Users’ Private Data in Popular Loan Apps
One prominent example of such apps is Barwaqt, which demands a staggering amount of permissions far beyond what is necessary for its purported functions. Users who download this app are required to grant access to their entire phone gallery, contacts, app activity, and personal information. Similarly, other widely-used apps like JazzCash and Easypaisa also exhibit similar data collection tendencies, although they do not disclose the full extent of their required permissions on the app store.
While modern versions of Android allow users to manage app permissions, the existence of such excessive data collection practices is still a cause for concern. These loan apps boast a combined download count of over 70 million on the Android platform, potentially putting a vast amount of personal data at risk.
SECP’s Warning to Protect Public Interest
Despite being registered with the SECP, some loan apps, including EasyLoan and Muawin, have faced criticism for similar data collection practices. The collection of extensive private data without clear justification raises questions about the ultimate purpose behind this data and whether it may be sold to third parties.
In response to these concerns, the SECP issued a warning to registered apps like Barwaqt, urging them to rectify their predatory data collection practices or face potential closure within a week. While this step is a positive move towards safeguarding user privacy, there remains uncertainty about the extent of data misuse that may have already occurred.