One night in November 2020, Sai Aravind, telephoned a friend. In the course of the two-hour conversation, the 23-year-old wept incessantly, almost unable to speak through his tears.

Aravind died by suicide the following day. According to the police, he was distressed after text messages about him had been sent to his entire contact list. “He sends his mother and sister to work as prostitutes and lives on the money earned by them,” said one text. Another said, “He sends his friends to have sex with his mother, wife and daughter.”

Aravind didn’t send these texts himself. Fifteen days before his death, he had taken a loan of Rs 3,000 using an app called SnapIt. When he failed to repay, the team behind the app purportedly texted all his contacts with messages to humiliate him.

His friend told Newslaundry the company allegedly also threatened to “morph” his pictures and post them online. Newslaundry has seen copies of these messages sent to Aravind’s contacts from unknown numbers.

Aravind is one of “at least 64 people” across India who have died by suicide in the past year after being “threatened” and humiliated by online loan apps, according to cybersecurity expert Pravin Kalaiselvan.

These apps offer small loans without requiring much paperwork but charge heavy interest rates, often above 100 percent. They then bully the customers who are unable to repay the loans in time with astronomical interest. Most of the apps require users to grant apps access to texts, images and contacts while installing them, even to the camera. The apps then copy contact lists and photos, and use them to harass the victims.

Earlier this year, the Reserve Bank of India identified 600 “illegal lending apps” operating in India. According to India Today, the central bank had received over 2,500 complaints against online lending apps from January 2020 to March 2021.

On September 9, finance minister Nirmala Sitharaman took cognisance of “illegal loan apps” that offer loans at “exorbitantly high interest rates” and using “predatory recovery practices”. To operate, these apps must register with the RBI and be part of their “white list” – which Sitharaman told the RBI to prepare – of lending apps that are permitted to be listed in app stores. According to reports, the RBI has also devised norms to “ensure that a borrower must deal directly with a bank for lending and recovery” to eliminate third-party agents.

Analysis by the Mobile Security Framework, which is a tool to test security of apps, noted that while installing loan apps like Rupeeway, Smart Pokket and Tytocash, users tend to automatically grant permission to these apps to access contact data, or even to take pictures and videos using the phone’s camera – though some of these permissions are not imperative for the app to work.

This is then wielded to harass them.

Pravin Kalaiselvan, who is director of a cybersecurity group called SaveThem India Foundation, believes the issue is serious enough that the Reserve Bank must step in.

“RBI should ask Google to remove unauthorised lending apps from its Play Store. RBI should also make a white list of eligible apps which can be listed on the Play Store,” he said.

As for the police, Kalaiselvan said only a “handful of states” like Telangana, Odisha and Tamil Nadu are taking such cases seriously. “DGPs across states should pass orders that police stations should file FIRs on the complaints of such victims,” he said.

It isn’t illegal for a loan app to recover money lent, “but there is a way to do it”, Kalaiselvan said. “The RBI has set up guidelines. They can take the borrowers to court. But they don’t, because they know what they are doing is illegal.”

Nandkishore Harikumar, a cybersecurity analyst, said his team surveyed 60 to 70 loan apps, all of which required “maximum permissions” during installation.

“Consumers who install the apps never think about why a loan app needs access to your microphone or photo gallery,” he said. “But due to their needs, they allow all permissions. Even if we identify an app and report it, the people behind the app renames it and uploads it again.”

Harikumar said it took a long time for Google to even remove many of these apps, and the apps would still be available on websites, if not the Google Play Store.

He pointed out that such apps were promoted under the names of existing, credible authorities. Last month, for instance, a group masquerading as the Mananthavady Cooperative Farmers Society online encouraged users to download malicious apps. “They use credible names to trick people, and they pretend to have an NBFC licence,” said Harikumar. “In India, we still don’t have a regulatory authority to report these kinds of data thefts. This cannot be solved with just technical expertise. A mix of technology, policy and government intervention is needed.”

‘I made the biggest mistake of my life’

Hillary Manjeshwar, in Pune, wanted to take a loan of Rs 30,000 in July to pay her child’s school fees. A Google search led her to Creditt App, which she promptly installed.

“It asked for permission to access my contacts, gallery, etc,” Manjeshwar said. “In the app, I entered basic details like name, age, salary statement, PAN card, Aadhaar card. I then received a notification saying I had been approved for a loan of Rs 27,500.”

To get the money, the app prompted Manjeshwar to upload a video of herself promising that she would return the money to Creddit App. She did and received a message on WhatsApp asking her to digitally sign an agreement using an Aadhaar OTP.

“I did,” she said, “and the amount was transferred into my account within a few minutes.”

Her troubles had just begun. She thought she had 90 days to repay the loan, but the fine print on the agreement she had signed digitally stated that she had to repay it within 15-30 days. The interest rate was 0.3 percent per day. When she could not repay on time, the interest rate spiked to 0.6 percent a day.

“I had made the biggest mistake of my life,” Manjeshwar said. “I missed the due date, and started getting 50 to 100 calls from different numbers. I asked them to give me a few days. But they started sending abusive messages to my phone contacts.” Manjeshwar claimed her relatives were even sent “legal notices” demanding repayment, followed by men demanding the money.

“I was humiliated and harassed,” she said. “I would have ended my life if I wasn’t responsible for my two children.”

On September 9, Manjeshwar filed an online complaint on the National Cyber Crime portal. She also went to the local police station and gave a complaint saying she would be “forced to commit suicide if this harassment does not stop”.

Similar stories have been reported in the media.

On September 13, a 24-year-old woman was arrested in Pune on the charge of murdering her grandmother. According to the Indian Express, the police suspect the woman wanted to rob her grandmother to repay the loans she had taken from online credit apps.

Sohail Shaikh’s relatives, also in Pune, received morphed photos of his wife after he failed to repay a loan he’d taken through two apps – Magicloan and Cashmarket.

In May, Malad resident Sandeep Koregaonkar, 38, died by suicide. Morphed photos of him had been sent to his colleagues, friends and relatives after he downloaded a loan app, Times of India reported.

In Koregaonkar’s case, a loan recovery agent was arrested in Rajasthan on charges of abetment to suicide. But in most of the others, no arrests were made.

At least eight people told Newslaundry about the harassment they received after using different loan apps. They claimed the police dragged their feet in filing complaints, let alone registering FIRs.

A pattern of harassment

In December last year, Bhoomi Sinhaa, 48, took a loan of Rs 47,000 using an app called Fortune Now. “They sanctioned the loan at an interest rate of 35 percent for seven days, though the advertisements had promised 90 days,” said Sinhaa, who lives in Mumbai. “They disbursed Rs 40,000, saying Rs 7,000 was deducted as processing fee.” The amount was credited into her bank account.

Newslaundry could not find out who runs Fortune Now, or any of the other loan apps that harass their customers.

Sinhaa began receiving phone calls from unknown numbers asking her when she was repaying the amount with interest. A week later, she was receiving “almost 50 calls” a day.

“I told them I’d pay within two or three days,” said Sinhaa, adding that she didn’t have the money for repayment. So she took a loan of around Rs 8,000 from another loan app.

By February, Sinhaa had taken loans from 60 apps to repay the original Rs 47,000 plus interest – which incredibly worked out to Rs 16 lakh, she said.

The frequent phone calls from people working for these apps continued, and increased.

“Two loan app companies called Plump and ForPay somehow WhatsApped my entire contact list with pictures of me and my daughter,” she alleged. “I started getting WhatsApp messages with pictures of nude women, warning that my face would be morphed onto those photos and sent to my contacts. The messages threatened to put pictures of me and my daughter on porn sites and publicise us as prostitutes.”

On February 24, Sinhaa went to the Malabar Hill police, only, she alleged, to be “mocked” by the inspector on duty. She tweeted about her issue and received a call from the Mumbai police telling her “not to worry”. She managed to submit her complaint to the police station, but it was not registered as an FIR.

Two days later, Sinhaa received messages from people she knew saying they had been sent “nude” photos of her. The messages were purportedly sent to her daughter, her daughter’s schoolfriends, and dozens of other people.

“I was aghast,” said Sinhaa. “I didn’t know how to deal with it. People close to me raised doubts about my life, raised questions about my character. My life will never be the same.”

Newslaundry spoke to Rajendra Ojha, senior police inspector at Manikpur police station where Sinhaa’s complaint was filed. He said, “I cannot comment on the complaint as I am on leave.”

Sujay, in Odisha, said he used a loan app called Kash Loan to borrow Rs 1.3 lakh. When he failed to repay, he added, a message was sent to his contacts.

“This person is a fraud, cheater and rapist,” the message purportedly said. “He raped an eight-year-old girl. He took a loan from us and ran away. He has given your number as emergency contact. Call him to remove your number or pay the loan.”

Sujay told Newslaundry he had to pay a total of Rs 3.5 lakh – his initial amount plus interest – and only then did the harassment stop.

In Tamil Nadu, Selva said he took a loan of around Rs 20,000 on an app called Cash World. When he delayed repaying it, this message was purportedly sent to his friends, family and colleagues: “He raped a six-month-old baby...He earns money by sending his mother, wife and daughter to work as prostitutes.”

Newslaundry has seen copies of these text messages.

In Gujarat’s Rajkot, Bharat Motwani, 25, borrowed a total of Rs 35,000 from three apps – Money View, Insta Money and Flex Salary. “I repaid Rs 25,000 but delayed the rest,” he said. “They sent obscene, morphed photos of me to 231 contacts in my phonebook. They made a WhatsApp group with my family members and said I was a thief, they used the worst words. They said my family had to bear the consequences if I didn’t pay them back.”

Motwani said he received “more than 7,000 messages” and blocked 2,321 phone numbers during the course of this harassment. “I tried to file a police complaint,” he said miserably, “but the police didn’t file an FIR.”

Telangana is one of the few states where the police have been proactive in taking cognisance of these cases. Since January 2022, they have registered 140 cases against loan apps accused of harassment. KVM Prasad, an assistant commissioner with the Hyderabad police’s cybercrime unit, said eight people died by suicide in Telangana last year purportedly after being harassed by loan apps.

“We arrested 24 people across the country after that,” Prasad said. “We raided around nine call centres in Hyderabad, Bengaluru and Delhi. They were using Chinese spoofing apps to make the calls. They were internet calls but to the victims would appear as normal calls from a mobile phone. It’s high time this harassment is taken seriously. Victims are losing their lives and many are falling into depression.”

Some names have been changed to protect identities.

Correction on Sept 26: Pravin Kalaiselvan’s name was misspelled as Kalaiselvam, and Creditt as Creddit. The errors are regretted.