Fake Loan Apps | Fintech Inside - Edition #78 - 11th Sep, 2023

Hope to see you at the Jakarta Fintech Happy Hour on 26th Sept! This edition goes into some depth about the modus operandi of fake loan apps

Sep 11, 2023

Hi Insiders, I’m Osborne, Principal at Emphasis Ventures (EMVC).

Welcome to the 78th edition of Fintech Inside. Fintech Inside is the front page of Fintech in emerging markets.

Announcing the Jakarta Fintech Happy Hour! We're excited to host our fintech founders, investors and friends in Jakarta on Tue, 26th Sept, 2023. Details in today's edition.

Have you come across a suspicious app that offered a loan with minimal documentation? It's probably a fake loan app on the app stores. These fake apps are wreaking havoc across app stores with dire consequences to app stores, legitimate lending apps and, most importantly, unsuspecting borrowers.

Today's edition is a guest post that goes into some depth about the modus operandi of these apps, the scale and extent of the problem and what can be done to curb this fake loan app menace.

Thank you for sticking around here. Enjoy another great week in fintech!

Raising funding for your early stage fintech startup? reach out to me at os@em.vc

✨ Jakarta Fintech Happy Hour presented by AWS, Quona and B Capital

Please join us for the Jakarta Fintech Happy Hour presented by AWS, Quona and B Capital! We are excited to host you on Tuesday, 26th Sept in SCBD, Jakarta.

Event Details:
🗓️ Date: Tuesday, 26th Sept, 2023
🕕 Time: 6pm to 9pm
📍 Venue: SCBD area, Jakarta (venue details will be shared with approved guests).

🤔 One Big Thought

Fake Loan App Menace

Note: Today's edition is a guest post by Babu Lal who is an engineer and is on a crusade in the fight to curb fake loan apps. He's been relentless in his pursuit of informing and educating users and unsuspecting borrowers. Do give him a follow on Linkedin or Twitter/X. All views in this post are those of the author. This post is intended for educational and entertainment purposes.

As Covid-19 began to wreak havoc in 2020, a nationwide lockdown was implemented to curb the spread of the coronavirus. The lockdown, a first for all of us, brought about a lot of uncertainty. Part of this uncertainty was that of economic uncertainty. Income of large sections of India were affected impacting their livelihood. This is when mobile app stores were flooded with fake loan apps, operating outside the regulatory safeguard.

What's the modus operandi of these fake loan apps? Fake loan apps aggressively advertise on social media and grow to hundreds of thousands and in some cases millions of app downloads. At the time of application, in addition to minimal documentation, the app requests for access to entire contact lists and photo galleries using dark patterns. As these apps are not regulated, they charge high processing fees and higher interest rates (sometimes as high as 800% APR) on the entire amount, even when loan value is disbursed after reducing processing fees. The loan value could be between $60 to $600. After a certain tenor, borrowers start to receive calls and messages for debt recovery. For unsuspecting borrowers that don't realise the high repayment, this calling quickly turns into blackmail, harassment and shame using various tactics.

Borrowers with as it is poor means are obviously unable to repay these prohibitively high interest rates and turn desperate. Some borrow from friends and relatives to repay the loan, others resort to taking loans from other fake loan apps to repay their earlier loans. In the most unfortunate cases, unable to repay their loans, these borrowers commit suicides.

How did the regulator react? The RBI, India's central bank, was quick to act on these fake loan apps and the digital lending ecosystem in general. In Nov 2021, an RBI Working Group published a report that 600 out of 1100 lending apps currently available on app stores are illegal apps. The app stores kept removing these apps from the Play Store but new clones kept coming. It became unstoppable disease.

In late 2022, India’s Finance Minister tasked the RBI and the Ministry of Electronics and Information Technology (MeitY) to ensure that only whitelisted loan apps are available for download on the Google Play Store and Apple App Store. RBI also started reviewing or cancelling the licences of dormant non-banking financial institutions (NBFCs) to avoid their misuse.

The government expected app store operators to do something about it. At the end of the day, these apps were being distributed via their app stores. As these fake loan apps are distributed via App Store and Play Store and Google and Apple are the owners of two of these largest app stores, this post covers App Store and Play Store largely. This doesn't mean that fake loans are only distributed via these two app stores.

How are the app stores reacting? In Sept 2022, Google updated its policy, mandating loan apps listed on the Google Play Store in India to prominently display a link to the partner bank or NBFC. Recently, Google has started asking for lending certificates or licences if the app deals in any kind of loans while reviewing the app.

Did it stop the scammers? No. They were always two steps ahead, ready for any challenge the Government or app store operators put in front of them.

When the government started to remove them from stores, they started to publish copies of those apps with new names in huge numbers that became untrackable.
When Google asked them to display the link to a partner bank or NBFC, they started displaying any random NBFC name as no one was verifying. At present there are 9376 registered NBFCs and another 5605 whose certificate has been cancelled by the RBI.
Now when Google starts asking for a copy of the certificate, scammers seem to provide photoshopped certificates or downloaded from the internet. Again there is no way to identify if it's real or fake.

Apple and its ecosystem is considered most secure, safe and privacy protected. But off late the scammers have figured out loopholes in Apple’s app review system too and have started to publish hundreds of fraudulent apps on the iOS App Store.

How do these scam loan apps flourish on the App Store?

Create developer accounts impersonating other business identity.
App approval with a bogus website, fake address, fake contacts details and fake partnership with NBFCs.
Aggressively promote in play store and app store search ads.
Become top apps within a few days of launch.
Get enough downloads 100K+ before the app is removed from stores.
Takes contacts, sms and media access to harass the borrower for recovery.
Launch a clone with a new name and repeat.

How prevalent is this scam lending app situation?

On 22nd June, there were 4 fraudulent apps in the Top 20 Finance Apps chart.

On July 10th, 27 of the Top 200 Finance Apps in the Apple App Store were fraud/predatory loan apps.

All the search queries related to “instant loan” in the iOS App Store were throwing Ads of these fraudulent loan apps.

These apps were reported to Apple in coordination with the Indian Cyber Crime Coordination Centre (I4C) but within a day or two new apps in huge numbers started to trend in the App Store top finance charts. Scammers were pushing these new clone apps in bulk. Apple with all the resources finds it tough to completely eliminate scam lending apps. By the end of July, about 60 fraudulent loan apps were removed from the Apple App Store.

Similar situation was in Google Play Store, About 30 of Top 200 Finance apps were fraud loan apps. (2 had 1M+ downloads, 1 had 500K+ and 9 had 100K+).

Though Google has a policy in place, that they do not allow apps which require repayment in less that 60 days, without proper lending licence and seeks users contacts and photos access. Whereas the complete opposite is the reality. These apps:
- Seek repayment in 7 days.
- Fake developer account, no licence, no NBFC connection.
- Takes contacts and gallery access to blackmail for recovery.

Who are the advertisers of these apps? As we can see in Google Ads Transparency Center, Advertisers of some of these apps are based out of China, Hong Kong, Nigeria and others.

Some prominent organisations whose identity was used to publish these fraudulent apps:

STCI Primary Dealer Limited - Set up as subsidiary of RBI
India Infradebt Ltd - A Govt of India Initiative
Kirloskar Group - An Indian Conglomerate
Srajan Capital Ltd - Subsidiary of Career Point Group Kota
Equitas Holdings Ltd - A Listed Financial Company
MAS Financial Services Ltd - A Listed Financial Company
Bajaj Finance Ltd - A Listed NBFC
Sundaram Finance Ltd - A Listed NBFC
SunGold Capital Ltd - A Listed NBFC
Srg Finance Ltd - A Listed NBFC
Axiscades Technologies Ltd - Provides IT Services to Defence and Automobile Sector
Synopsys India Pvt Ltd - An electronic design automation company listed in Nasdaq
Dure Technologies India Pvt Ltd - A Geneva based IT Company
True Credits Pvt Ltd - NBFC partner of lending fintech TrueBalance
Sahajanand Technologies Pvt Ltd - Provides technology to diamond industry

Example of a fake app impersonating a loan-fintech company:

Example of a fake loan app impersonating a company which was setup as a subsidiary of RBI.

Example of a fake loan app impersonating the Infrastructure Debt Fund (IDF) under NBFC format, formulated by Govt of India and a joint initiative by ICICI Bank, Bank of Baroda, Citibank & LIC.

What’s the scale of the fake loan app situation? Within the last 2 months more than 210 apps have been removed from both the stores and more than 100 still available. 90+ from App Store and 120+ from Google Play Store. Though the exact downloads for Apple are not known we can get a fair idea from Play Store. These android apps had collective downloads from 10 million to 40 million approximately. 2 apps = 1M+ downloads, 3 apps = 500K+, 41 apps = 100K+, 29 apps = 50K+, 61 apps = 10K+

The names of all the fraud loan apps currently live and removed in the last 2 months, can be accessed here. https://blpoonia.github.io/fake-loan-apps-google-play-store-ios-app-store/index.html

Who is the real loser here? The people who downloaded these apps, got access to unregulated credit at predatory rates and later harassed for recovery are definitely the most affected. But there are more to be added to the list:

1. Google & Apple: These companies are losing their credibility of providing safe and secure apps on their stores. Scammers are exploiting the app review process using fake information. They are also not able to protect the brands whose identity is being used to open developer accounts and NBFCs being mentioned as partners.
2. Legitimate credit fintechs startups: The customers who downloaded these fraud loan apps could have been borrowers of these legitimate credit apps. As the fraudulent apps are so many in number, the genuine loan-fintech apps are getting lesser visibility in stores for organic downloads. Also as these scam apps are being promoted aggressively in instant/personal loan keywords, almost all the Ad space is being taken by them; genuine apps need to compete with them and spend more on marketing to get visibility. Had these fraudulent apps not being there in the stores, it would give them easy visibility at low spend in Ads.

All the organic results including the ad are of fraud loan apps in the App Store.

A fraudulent loan app reached at #4 in top finance apps ahead of almost all the fintechs and banks. Just imagine the cash these fraudulent apps are burning to get maximum downloads.

Google Play Store displays 3 Ads on top of search results. Many times all 3 Ads are fraudulent loan apps.

How are they operating at this scale, how the money is floating? Well it’s UPI. Most of the capital seems to be flowing via P2P UPI. When one person repays a loan, the borrower's UPI ID also gets shared. Scammers only keep track of who borrowed and who paid by asking for a screenshot of the payment or UTR number. Many times even if one repays, the app operators do not mark it as paid and keep harassing.

One might think, If it’s P2P, how are they making money? The Fake Loan Apps is just one part of the operation. These apps seem to be connected to Illegal Real Money Gaming Apps and Illegal Trading Apps. There are many apps being distributed via Telegram, where scammers look for Payment Facilitators, they need people to utilise their daily UPI limit of 1 lakh and offer 1-1.5% money in return. And these facilitator apps are linked to USDT/Crypto. And that’s where the scammers are taking the money out.

There are fake UPI payment gateways too which facilitates the add money of real-money games. One looks like Razorpay but it is not. The others named AgroPay and DidaPay have no info when searched on google.

What can app stores do in this situation? They can stop app publishing at the time of:

Developer account creation with fake identity.
App review and publish with fake detail.
Ads promotions in play store and app store.

How can app stores curb the fake loan app situation?

Organisation Identity should be strictly verified at account creation time.
All app data, websites, address and support contacts should be human verified while app publishing.
Strict identity check if an app is running Ads and Promotions especially in Finance and Loan Category.
Apps seeking Contacts and Gallery Access should be human verified for legitimacy.

What can users do about this situation?
Users should be very cautious about downloading any app which claims to offer quick loans or payments without any documentation. Always try to look into developer details and websites. Verify app links by visiting the developers websites, see other apps developed by the same developer. Read the details of the app before downloading or tapping any buttons on the app.

Thanks to Deepak Abbot for reviewing a draft of this post.

1-min Anonymous Feedback: Your feedback helps me improve this newsletter. Click UPVOTE 👍🏽 or DOWNVOTE 👎🏽

🎵 Song on loop

Fintech updates can get boring, so here's an earworm: Sharing the first ever song I heard of Arctic Monkeys that got me hooked on to the band - Fluorescent Adolescent (Youtube / Spotify). Enjoy!

👋🏾 That's all Folks

If you’ve made it this far - thanks! As always, you can always reach me at connect@osborne.vc. I’d genuinely appreciate any and all feedback. If you liked what you read, please consider sharing or subscribing.