These predatory loan apps have been installed over 15 million times — delete them now

A loan application form on a smartphone
(Image credit: Shutterstock)

Going to a bank to secure a loan isn’t always the quickest way to get money fast especially when you’re in a pinch which is why mobile loans apps have become increasingly popular. However, not all mobile loan apps are as legitimate as they may appear to be at first glance.

According to a new report (opens in new tab) from Lookout, the cybersecurity firm’s researchers have discovered close to 300 predatory loan apps on the Google Play Store and the Apple App Store. While these apps claim to offer fast, digital loan approvals with reasonable terms, they actually exploit vulnerable borrowers and trick them into signing predatory loan contracts instead.

In total, Lookout found 251 predatory loan apps for Android on the Play Store which have been downloaded over 15 million times as well as 35 such apps on the App Store that managed to make it into the top 100 finance apps in their regional stores.

Thankfully, Lookout has been in touch with both Google and Apple and all of the apps in question are no longer available to download.

Delete these apps now

Below you’ll find some of the predatory loan apps targeting Android users as well as the full list of iOS apps. If you have them installed on your devices or know someone that does, they should be deleted immediately – granted you didn’t sign up for a loan.

Android apps

  • ActiCredito
  • AdaCash
  • AdaKredit
  • AddMoney
  • BaseWallet
  • Bazza
  • Bear Loan
  • Cash Star
  • Cash World
  • CashBus
  • CashCashNow
  • CashFamily
  • Easy Loan
  • Easy Note
  • EasyLoan
  • EasyLoan
  • Fair Credit
  • FairKash
  • FairLend
  • Fast Coin
  • LibreCash
  • LionCash
  • LiveCash
  • Money Club
  • Money Loan
  • Money Pocket
  • MoneyCash
  • More Cash
  • WeShare
  • WiseLoan
  • Yes Cash

iOS apps

  • CashG
  • Crediluna
  • CreDinero - Préstamo personal
  • Credylana
  • Dana Harapan - Pinjaman Online
  • Duit Langit- Pinjaman Online
  • EasyPeso-Préstamos en efectivo
  • Fácil Préstamo
  • FacilCash-Préstamo seguro
  • Flying Cash
  • HappyPera 2 - Easy Cash Loan
  • Kantung Online
  • Kapten Pinjam-Layanan Keuangan
  • LimaSaku - pinjaman dana tunai
  • Loan Point-Easy loan
  • Loanme - easy & instant loan
  • LoanZone-online loan
  • MineQ
  • One Cash-online loan
  • PahlawanPinjaman-pinjaman uang
  • PCash
  • PeraUp - Mobile Cash Loan
  • PinjamanTeman-pinjaman pribadi
  • PinjamUang - Pinjaman Online
  • PundiPaL-Pinjaman mikro
  • RapiCASH - Préstamos sencillos
  • Rapiloan
  • RupeeMe
  • RupRup
  • Trycash
  • Tunai Cepat- Pinjaman Online
  • Uang Cepat - Pinjaman Online
  • Uang Ligat - Pinjaman Mikro
  • Wadah Lapak - Selamat Meminjam
  • Wecash

Unnecessary permissions

As is the case with a traditional loan, users that downloaded these loan apps were required to provide personal and financial information before they could get approved. However, the apps also required users to grant a number of device permissions as part of the process.

These device permissions include being able to access a user’s call logs, SMS messages, installed apps, photos and their contacts. If a user failed to grant access to any of these permissions, the loan apps wouldn’t allow them to proceed. 

Based on Lookout’s analysis of these loan apps, many of them would begin collecting contact information as soon as the necessary permissions were given and some of the Android apps would also exfiltrate SMS data.

While malicious apps might collect this data and then sell it on the dark web or use it to commit fraud, the operators of these predatory loan apps used contact information from victims in order to harass them and their families about repaying the loans. Sometimes, this would even occur before the repayment deadline had passed.

Turning to a mobile loan app for quick cash can be embarrassing on its own but when your friends, family and even your colleagues find out about it through messages designed to harass you, it makes the situation even worse. Also, with access to your photos, the operators of these predatory loan apps could even use them to commit blackmail.

Huge penalties and a shorter repayment period

Even though these loan apps appeared to offer reasonable terms at first, things quickly changed once they received a small portion of the loan amount they applied for.

In a separate report from The New York Times (opens in new tab), borrowers saw large fees – which were as high as one third of the total amount of the loan – subtracted from the amount of money they would receive. Likewise, other victims saw extremely high interest rates kick in and they were asked to repay their loan within a matter of days.

The problem here is that both Google (opens in new tab) and Apple (opens in new tab) have very specific guidelines for personal loan apps on their respective app stores. Both tech giants allow for a maximum annual percentage rate (APR) of 36 percent and the minimum amount of time to repay a loan must be greater than 60 days.

The loan apps that Lookout investigated were in compliance with the Play Store and App Store’s policies but the terms that were paid out to borrowers were completely different than those described in the listing pages of these apps. For instance, in one review for the iOS app Trycash, a user reported that the app said they would have 180 days to repay their loan when in reality, only eight days were provided. 

According to Lookout’s analysis, there are likely dozens of independent operators involved in this campaign as its security researchers only found that some of the apps in question shared the same code base. 

How to stay safe from loan scams

In order to protect yourself from this loan scam and others like it, you should only apply for loans from established institutions like well-known banks and other lenders. Before taking out any loan, you need to carefully research the organization you’re borrowing from and find out about its history, reputation and whether or not it’s registered with national regulatory agencies.

If you do decide to use a mobile loan app, you should carefully scrutinize any permissions requested by the app after you’ve installed it. Does this particular app really need to access your contacts, text messages, location, files or photos?

You also want to avoid installing apps from unknown sources as they can contain malware or other viruses. Sure, malicious apps do end up on official app stores from time to time but Google and Apple both have security checks in place to prevent this from happening. If you have an Android phone, you want to ensure that Google Play Protect is enabled as it can scan new apps as well as those you've already installed for malware. For even more protection though, you may also want to install one of the best Android antivirus apps.

Even though getting a loan through your smartphone is certainly faster, when in doubt, you’re better off heading to the bank or calling a financial institution over the phone to schedule an appointment.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.