Header Ads

Key Defence Body Flags Digital Lending Apps CASHe, Toop For Potential Security Risks

A key government defence body has flagged concerns over two digital lending apps, CASHe and Toop, citing potential security risks. 

In an advisory dated December 21, the Controller General of Defence Accounts (CGDA) said that foreign agents had exploited vulnerabilities in these apps to extract sensitive information from the devices of defence personnel using the platforms.

“…It has been seen that the personnel deployed in Defence R&D and Defence Production had downloaded loan apps from Google play on their mobiles which made them being targeted by foreign agents using unidentified Pakistani and Indian numbers for sharing workplace contacts. They shared their credentials while registering with these apps,” the advisory said. 

Citing inputs from reliable sources, the defence body said that foreign agents had gained access to data stored in the mobile phones of defence personnel. The advisory further added that foreign actors had tried to extort money and sensitive information from personnel in many instances. 

Terming availability of such apps on Google Play Store a matter of serious security concern, the CGDA also flagged the possibility that such apps could be used for misusing critical data, such as contact details and passwords of personnel handling defence or security work.

In the advisory, the CGDA also directed all Controllers to crack the whip on such platforms and take appropriate steps to prevent misuse of such apps. Defence personnel have also been advised to refrain from downloading such apps on their phones, as per the circular.

However, CASHe rejected all suggestions of data breach and said it does not seek contact details of its customers.

“We would hence like to categorically mention that there has been no breach or information access by external parties, of any sort. The circular suggests a ‘possibility of misuse of contact details, passwords, and other data. CASHe does not ask for the contact details of any of its customer’s contacts and asking to share such information is not possible,” a company spokesperson told Moneycontrol. 

The NBFC also said that it was first made aware of the circular on January 29, 2024.

On the other hand, Inc42 could not find the Toop loan app on Play Store. A quick check of Google searches related to the keyword ‘Toop’ threw up multiple complaints related to the lending app, largely centred around alleged ‘misuse of contacts’.

This is not the first time that Indian authorities have cracked the whip on lending apps, particularly those with links to foreign countries. Just last year, the Indian government banned 232 apps, including 94 digital lending apps, over links with China. 

Apart from the potential security risks, these platforms have also been known to charge exorbitant interest rates from customers and use predatory practices to recover debt. In many cases, borrowers have been threatened with morphed pictures, which could be used to compromise defence personnel and put them at the risk of a security breach.

To curb this, the RBI, via MeitY, has sent across a whitelist of digital lending platforms to app marketplaces. The central bank has also issued norms and guidelines for the regulated entities in the space and warned against employing predatory practices for debt collection. 

The post Key Defence Body Flags Digital Lending Apps CASHe, Toop For Potential Security Risks appeared first on Inc42 Media.


No comments

Powered by Blogger.