Digital Dangers: Unveiling the Risks of Microloan Apps in the Middle East and Africa

Mobile Users in the Middle East and Africa Vulnerable to Suspicious Financial Mobile Apps

Risks of Suspicious Financial Mobile Apps

Recent research has revealed that mobile users in the Middle East and Africa (META) are the third most likely to install suspicious financial mobile apps, particularly those claiming to offer microlending services. Microlending is a popular practice in the region, where many residents lack access to mainstream credit markets. These seemingly legitimate financial mobile apps request access to text messages, contacts, and photos/videos before providing a loan.

However, these apps collect users’ personal data from their smartphones as collateral in case of delayed debt payments. Unlike legitimate microfinance options, these apps operators use the data collected to force users to repay their debts through unscrupulous means. For example, they may dispatch information to all of the user’s contacts, informing them of the user’s debt and including photos from the gallery.

The Importance of Vigilance

Users should remain vigilant and report any suspicious apps to Google. Additionally, users need to be cautious when granting permissions to apps. It is essential to question why a loan app would need access to the camera, photos, or other documents on the device.

Chris Hauk, a consumer privacy champion at Pixel Privacy, advises users to think carefully before granting permission to any downloaded app. This level of caution can help mitigate potential risks and protect users’ personal information.

Cyber Maturity in Transition

Vulnerabilities in the META Region

According to research by cybersecurity firm Kaspersky, 14% of potentially unwanted mobile financial apps on Android phones were installed by users in the META region throughout 2022 and the first quarter of 2023. This places the region third in terms of the number of installs, behind the Asia-Pacific (APAC) and Latin America (LATAM) regions.

There are several reasons why these apps are gaining traction in the META region. Firstly, it is an emerging technology market where mobile infrastructure plays a vital role in enabling basic needs. Many users are not adequately prepared to deal with the scams and malware present on the internet. For a significant portion of the population, their mobile phone serves as their only computing device, banking outlet, communication link, and even TV.

Furthermore, the region lacks the same level of technology protection found in other parts of the world. Although Android dominates the market share in the Middle East and Africa (78% and 80% respectively), some phones sold in the region may not have access to standard Google services like the Play Store. As a result, users are more likely to resort to less-reputable app stores that may contain malware and other unwanted apps.

While Google does vet the apps allowed on the Play Store, the system is not specifically designed to check for over-permissioned lending apps like these. As a result, users in the META region are at a higher risk of falling victim to suspicious financial mobile apps.

A Multifaceted Problem

The challenge posed by mobile apps in the META region is multi-faceted. Beyond the issue of fully functioning apps being overzealous with their permissions and exposing user data, other mobile concerns also exist. Outdated versions of apps may contain known software vulnerabilities that can be exploited, and malicious versions of apps may impersonate well-known brands, putting users at risk.

However, the usual best practices, such as only using trusted app stores, scrutinizing app permissions, and regularly updating software, are currently difficult for many META users to implement. Tom Davison, senior director of engineering international at Lookout, emphasizes that it can be challenging for users to distinguish between legitimate and illegitimate apps, especially in desperate situations where apps like microlending options may be downloaded.

In addition, awareness of security vulnerabilities is often inconsistent. In the Android ecosystem, every original equipment manufacturer (OEM) is responsible for deploying their own patches, and the schedules can vary significantly between device-makers. This situation poses a significant challenge for mobile-only, non-cyber-savvy individuals, who struggle to keep up with the constant updates and patches required to maintain their device’s security.

Conclusion: Emphasizing Cyber Fluency and Maturity

To address the growing vulnerabilities in the META region, there is a pressing need for increased cyber fluency and maturity. This requires collaboration between institutions, the private sector, and security companies to provide awareness training and improve vendor safety efforts.

Enhancing cyber fluency and maturity will empower users to make informed decisions regarding app permissions and reduce the risk of falling victim to suspicious financial mobile apps. It is crucial to provide assistance to users in identifying legitimate apps, ensuring access to trusted app stores, and regularly updating their devices to protect against known vulnerabilities.

By prioritizing cyber fluency and maturity, the META region can create a safer digital environment and provide its mobile users with the necessary tools to navigate the digital world securely.