Google moves to restrict loan apps from accessing call logs, contacts, photos and videos

An update to Google’s financial services policies this month seeks to mark the end of predatory practices by loan apps: accessing sensitive user data beyond what they need that they sometimes use much to the disadvantage and embarrassment of their customers.

Google now requires loan apps not to collect a user’s exact location, call logs, contacts and media (photos and videos) in order to be listed on the Play Store:

Apps that provide personal loans, or have the primary purpose of facilitating access to personal loans (i.e., lead generators or facilitators), are prohibited from accessing sensitive data, such as photos and contacts. The following permissions are prohibited:

It has been a common tale in Kenya over the last few years where users of various loan apps complain of having their contacts called by staff and/or agents of the said loan apps when they fail to pay back their loans on time. This has been so because the apps would normally upload entire contact lists and messages of the users. While the latter may be necessary to scan the mobile money messages therein for on-the-spot credit scoring, the former has been largely malicious.

As a result of the many complaints from customers over such tendencies, the government of Kenya stepped in to rein on the errant digital credit providers. The Central Bank of Kenya (CBK), the financial services industry regulator in the country, introduced the Digital Credit Providers Regulations over a year and a half ago, barring digital credit providers from making calls to a customer’s contacts as a debt recovery mechanism as well harassing customers and using profane language.

The regulations, alongside the country’s stringent data protection laws, have largely meant an end to the harassment and mistreatment of customers of digital lending apps which are increasingly popular. With Google restricting the said apps from collecting a user’s exact location, call logs, contacts and media (photos and videos), this is the final nail in the coffin as they will be lacking anything to use against the customers and their contacts to start with.

A check by Nation in January found that digital credit providers had disengaged the services of debt collectors after the going into effect of the DCP regulations in 2021.

The Google policy goes into effect on 31st May 2023. This means that digital credit providers have just under two months to update their apps to comply with the policy change.