The Controller General of Defence Accounts (CGDA) has raised concerns about two loan apps, CASHe and Toop, citing potential security risks. The CGDA alleges that these apps could be exploited by foreign agents to extract sensitive information, such as contact details, from the mobile devices of defence personnel.
CASHe, which has an NBFC license and is subject to audits by the Reserve Bank of India (RBI), has denied these allegations. In a statement to Moneycontrol, the fintech company stressed that it does not ask contact details from its customers and has not experienced any data breaches.
Meanwhile, Moneycontrol was not able to ascertain the legitimacy of the Toop loan app. However, the publication was able to locate multiple complaints regarding Toop on Google Play's support page. Most complaints regarding Toop was regarding alleged "misuse of contacts". The app is no longer available on the Play Store.
This advisory by the CGDA dated December 21, 2023, was only made publicly available on January 16, 2024.
"Recent inputs received from reliable sources have revealed that it has been seen that the personnel deployed in Defence R&D and Defence Production had downloaded loan apps from Google play on their mobiles which made them being targeted by foreign agents using unidentified Pakistani and Indian numbers for sharing workplace contacts. They shared their credentials while registering with these apps," the advisory states.
The advisory added that agents gained access to data stored in mobile, including contact details, and start calling defence personnel "extorting money and threatening them to provide workplace contact details".
"The details that were downloaded by these personnel include Toop App and CASHe Personal Loan App. Availability of such suspicious/spurious apps on Google Play store is a matter of serious security concern. There is a possibility of misuse of contact details, passwords and other data particularly to those handling defence/security work," the advisory added. It requested other officials to take action to prevent misuse of such apps.
When reached out to CASHe regarding the allegations in the advisory, the company said, “We were made aware of the circular issued by the Controller General of Defence Accounts (CGDA) dated December 21st, 2023, which mentions CASHe in the matter related to 'predatory lending apps on Google Play Store', on January 29th, 2024. Our NBFC is an RBI-registered, Systematically Important NBFC ranked among the top 200 NBFCs in India. Hence, information security and cybersecurity are of utmost importance to us and are maintained at high standards."
"We would hence like to categorically mention that there has been no breach or information access by external parties, of any sort. The circular suggests a ‘possibility of misuse of contact details, passwords, and other data. CASHe does not ask for the contact details of any of its customer's contacts and asking to share such information is not possible," it added.
"Additionally, CASHe is a founding member of FACE (Fintech Association for Consumer Empowerment), a self-regulated association that practices fair and responsible digital lending and protects consumer interests. We have also been part of the working committee that notified the regulator about the presence of unauthorized lending apps on Google Play, solidifying our commitment to maintaining a secure and trustworthy financial ecosystem. We want to reassure you that we remain dedicated to safeguarding user data and providing a secure environment for all our customers. We hope the above statement clarifies our stance on this issue," the platform added.
When reached out with queries on the presence of predatory loan apps that CGDA flagged in its advisory, a Google spokesperson said, “Providing a safe and secure experience across Google’s products is our top priority, and we continuously update our policies across all our products to keep users safe from emerging threats and bad actors."
"In the past years, we have consistently worked towards combating fraud by personal loan apps on Google Play by updating our policies and review processes. In India, in 2022, we reviewed and took necessary enforcement action, including removal of apps, on more than 3,500 personal loan apps for violations of the Play policy requirements. We continue to uplevel our efforts in this space, and engage with law enforcement agencies and industry bodies to help address this issue," it added.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
