April 20, 2024

The Google Play store still hosts spyware lending apps like Joy Credito

For most of 2023, Ana Mariela Macías González, a 31-year-old state employee from Puebla, Mexico, told Rest of World, she received dozens of intimidating phone calls and text messages every day. Some of the messages included altered photographs of her and text implying she was a prostitute. Her entire contact list, which included friends, family and co-workers, also received them.

The calls and messages were from debt collectors sent by several predatory apps she had downloaded from the Google Play store, including an app called JoyCrédito. Her debt had increased from 1,000 pesos ($60) to almost 60,000 ($3,500) in less than six months. When the harassment became impossible to handle, she filed a police report. Macías González said police advised her to ignore the calls, get rid of her phone, destroy her SIM card and prepare for months of more harassment of her contacts until it finally ended. Her nightmare ended in late 2023, when the calls finally stopped, but her reputation was damaged: To this day, she said, some of her coworkers still humiliate her for the manipulated photos and the horrible messages they received.

Macías González is not the only one who has filed complaints against predatory lending applications, known in Latin America as montadeudas or gota a gota apps. According to the Citizen Council for Security and Justice of Mexico City, a consumer watchdog group, 135 complaints have been filed with local authorities against JoyCrédito for fraud and extortion. But despite the government’s attention, the app is still available for download from the Google Play store.

For years, apps like JoyCrédito have been exploiting borrowers from Mexico to India. They lend small amounts of money with few requirements and very high interest rates to financially vulnerable people, and then extort them when the loan comes due. After years of increasing pressure from watchdog groups, Google explicitly banned the apps from the Play Store in October. But stories like Macías González’s show how widespread the apps still are and how ineffective Google has been in enforcing its own policy.

Rest of World presented Google with 15 cases of exploitative lending apps based in Mexico that explicitly violate Play Store terms. All of them were still available in the store at the time of writing.

Of the 15 apps, 12 explicitly requested access to the camera roll or contacts in their Google Play store terms of service. Two others specified full access only in external documents. Another did not provide information about data access.

Rest of World also found 10 apps in Peru that have been flagged as exploitative by the SBS, a national body that oversees banking, insurance and private pensions. All of the apps are still available for download in the Google Play store.

The apps rely on broad access to sensitive data on a user’s phone, such as their contact list or photos. Even before the loan is due, many apps threaten users with distributing fake or incriminating pornographic photographs to their family and friends if payments are not made.

Some users told Rest of World they were extorted just for downloading and opening the app on their phones, without even finishing the loan application process. Macías González reported to the police that her personal data (full name, telephone number, bank account, official identification) was shared from one application to others, many of which began granting new loans on the spot. “I didn’t even download the apps, but the money was deposited in my bank account and then the harassment started to return it with interest,” she said. Although she had only downloaded six apps, police records showed that her data ended up in about 150 apps.

Google is well aware of the problem. In Mexico, a Google spokesperson confirmed that the company is working together with the Mexico City Citizen Security Office to closely monitor the applications due to the high volume of police reports against them.

“We take this issue very seriously and are committed to offering a secure platform for billions of Android users,” Ricardo Zamora López, head of communications at Google Mexico, told Rest of World in a statement. “We will continue to investigate and collaborate with the corresponding authorities [in Mexico] in ongoing investigations, with whom we have already established a protocol.”

In theory, the apps violate Android developer policies that prohibit personal loan apps from accessing sensitive data like a user’s camera roll or contact list. Apps that offer short-term loans are also prohibited. But in practice, even lending apps that explicitly advertise predatory short-term lending in their terms of service can be found on the Google Play Store. The terms of service of a Colombian app called LuckyPlata, which are linked in its Play Store description, explicitly state that the app collects “contact list, SMS, SMS log and images which, incidentally, could contain sensitive personal data”. The terms of service of Buen Dinero, a Peruvian app available on the Play Store, state that the app will collect SMS log and contact list, “including name and phone number.”

Digital rights watchdog groups told Rest of World the explicit descriptions raise the question of whether Google is reviewing the apps’ terms of service. “Apps describe in their privacy policies all the terrible things they can do, and yet Google considers the requirement met,” said José Flores, digital rights activist and head of communications at R3D.

In other cases, scammers evade bans by changing their name or creating a similar application. “These types of companies are constantly evolving,” a spokesperson for Peru’s SBS told Rest of World. “Often, after receiving public complaints, the people who run the app change their names so they can continue taking advantage of users.”

In Peru, a company called Alpacash-Préstamos en Perú was removed from the Google Play store in 2020, only to re-emerge in 2023 as Alpacash-préstamo. In Colombia, Google banned a spyware lending app called Unicop, only to see a copy appear under the name UnicopPro. (Its logo is exactly the same as Unicop’s, except for a small dollar sign.) Magicrédito, a lending app based in the Escandón neighborhood in Mexico City, was removed from the Google Play store in 2021, but returned as Quikrédito with the same registered address as its predecessor. According to data from the Citizen Council for Security and Justice of Mexico City, 18 people formally filed a police complaint against Magicrédito. It has now been removed from the Google Play store.

Police reports suggest the problem is affecting tens of thousands of people across Latin America. In Colombia, more than 8,000 people filed complaints against abusive loan apps with the country’s cybercrime office last year. Peru’s national police received more than 400 complaints against the applications. Between 2021 and 2023, Mexico registered more than 18,000 complaints, according to the Citizen Council for Security and Justice of Mexico City.

Reports to authorities may capture only a small part of the problem. In May, researchers from cybersecurity company ESET found an 88% increase in cases of spyware lending applications in the first half of 2023.

As spyware loan scams increase, authorities in Colombia and Mexico have tried to address the problem through targeted police raids. In August 2022, Mexico City police raided the offices of companies linked to more than 90 extortion apps and arrested 27 people who allegedly made extortion calls. A similar operation took place in Colombia in November 2023, with 9 people detained and linked to a broader criminal operation.
