SUMMARY
Google’s policy that will disallow applications from accessing high-risk information from other apps
The said policy can severely impact the Indian digital lenders which rely on data from other applications to evaluate creditworthiness
Google requires developers to explicitly state the reason to acquire such high-risk permissions from May 5, 2021
Google has announced major changes to its Google Play developer policy that will disallow applications from accessing high-risk information or sensitive permissions from other apps installed on an Android device. The move also aims to stop an application’s access to installed app inventory on an Android device until it impacts its ability to undertake core user-facing functions.
As per a post by Google on its Play Console support page, the changes in the developer program policy will come into effect on May 5, 2021. Google explained that the step is taken in line with its existing policy as Google Play regards a device’s inventory of installed apps from a user’s device as personal and sensitive information.
Google said it had reviewed hundreds of lending apps in India and removed those that violated its terms on loan tenure. It also said developers must only access permissions that are necessary to implement current features and services. As mentioned, if a developer’s app does not meet the requirements for acceptable use of app inventory, they must remove it from the app’s manifest.
In case the app meets the policy requirements for acceptable use of the app inventory, they are required to declare the high-risk permissions using the Declaration Form in the Play Console. If apps fail to meet policy requirements or developers do not submit a Declaration Form, the app may be removed from Google Play. The declaration must be revised and updated with accurate information in case there are changes to comply with the policy changes.
Lending Apps Accused Of Harassment, Data Mining
It can be seen as another step towards strengthening measures for user privacy, but it does pose a challenge to an array of lending businesses and loan apps operating in India. The said policy can severely impact the Indian digital lenders which rely on alternate data such as installed applications on the device to evaluate creditworthiness.
Such lending platforms and loan apps in India have come under greater scrutiny over the past few months for their methods, including tracking of user activity on mobile, harassing contacts sourced from their devices, their location, aggressive collection tactics, and alleged misuse of borrowers’ data, highlighting the risks of driving financial inclusion with newer technologies.
The rise of smartphones and affordable mobile Internet in India has seen an abundance of personal lending apps in recent times. Such lending apps are widely popular among those employed in informal sectors, college students, the newly salaried, and other consumers or small businesses that do not have a credit history. Predominantly, these are unsecured small-ticket loans that require no collateral.
Many of the apps in this category require users to hand over sensitive permissions such as contacts, location data, data from other apps, text messages, and other personal data to assess creditworthiness, track borrowers in the real world and mitigate the risk of defaults.
In December 2020, the Reserve Bank Of India (RBI) issued a warning against the misuse of device data by lending platforms. Referring to reports about individuals and small businesses being harassed by digital lenders, the RBI said, “These reports also refer to excessive rates of interest and additional hidden charges being demanded from borrowers; adoption of unacceptable and high-handed recovery methods; and misuse of agreements to access data on the mobile phones of the borrowers.”
The central bank also mandated that digital lending platforms disclose the name of the partner banks and NBFCs upfront to all consumers and SMB customers.
Following this in January, Google took action against loan apps that did not fit its policies for loan repayment terms. As per its Play Store policies, financial services apps that offer unsecured or secured personal loans are required to disclose key information in the app description on the store and at the time of submitting the app.
Last month, in order to address the issue, the RBI also asked Google and other app distribution platforms to disclose details of the process for listing lending apps. It asked Google to share the eligibility criteria for listing fintech loan apps on Google Play Store.
