Recently, the National Payments Corporation of India (NPCI) unveiled its flagship payments architecture named Unified Payments Interface (UPI) which went live with 21 banks. UPI seeks to simplify how online payments are made in the country by removing the messy ‘two-factor authentication’ and the need to recollect IFSC, bank a/c numbers every time you need to make a payment online. How this works is explained here. The UPI is touted as gateway to India’s cashless switch, at a time when the government has initiated a massive demonetization move which has drawn both criticism and approval from many. MediaNama reviewed 20 different Android-based UPI apps developed by both banks and non-baking developers to examine if these apps are violating user privacy or collecting sensitive information. Although most apps seems safer, some of them have been found to request permissions to record audio, retrieve info about other apps running on your phone, and even make calls (we are not sure why). Also Read: -On Indian Mobile wallet apps and the sensitive user data they collect – Part 1 -On Indian mobile banking apps and the sensitive user data they collect – Part 2 1)Read sensitive log data As we explained in the previous posts, every app generates logs details whenever it executes a command, connects to a network, completes an update. An app requesting to read log data can read sensitive info like MAC ID, IMEI no, saved WiFi networks info, and details about other apps installed on the device. In many…
