Fake digital lending apps grabbed contact information, pictures and gained network access from their borrowers' smartphones as part of their lending operations. As the government, regulators and investigative agencies crack down on fake digital lending apps and the Chinese nationals who were operating them, questions remain on how much data was stolen from unsuspecting customers. Without a data protection law in place, these apps and their operators have gotten away with troves of personal information belonging to borrowers. Several borrowers have committed suicide in the last few months over the harassment they faced from purported employees working for these apps. Not only were borrowers called several times to repay their loans, but the employees would also contact family and friends of the borrowers and attempt to blackmail by posting stories and private information of the borrower on social media. At the outset, these apps did not ask for Know-Your-Customer (KYC) information that legitimate lenders require from borrowers. Instead, they sought basic contact information from borrowers', photocopies of official government IDs and used their apps to gain access to borrowers' smartphone devices. The permissions these apps sought are wide ranging, more than what legitimate regulated entities ask for. The data theft achieved by these apps and their operators could possibly be the largest data theft to have taken place in the country. KVM Prasad, Assistant Commissioner of Police for Cybercrime, Telangana State Police Department told MediaNama that they are investigating around 197 apps that have come to their notice. Prasad said…
