The Controller General of Defence Accounts (CGDA) has reportedly expressed concerns about security risks associated with two loan apps, CASHe and Toop , which it alleges could be exploited by foreign agents to obtain sensitive information from the mobile devices of defence personnel.

What Happened: CASHe, holding an NBFC license and subject to RBI audits, denies these allegations, Moneycontrol reported. In a statement to the publication, CASHe asserted that it does not request contact details from customers and has not experienced any data breaches.

The Toop loan app has multiple complaints on Google Play’s support page, mainly related to alleged “misuse of contacts.” The app is no longer available on the Play Store.

Where It All Began: The CGDA advisory from December 21, 2023, was publicly disclosed on January 16, 2024. It reported that defence personnel using loan apps on Google Play were targeted by foreign agents, compromising their credentials and workplace contacts.

The advisory raised concerns about the availability of suspicious apps on Google Play, emphasising the potential misuse of contact details, passwords and other data related to defence and security work. It urged officials to take action to prevent the misuse of such apps.

CASHe told the business outlet that it was committed to information security and cybersecurity. The company stated that it does not request customer contact details and has not experienced any data breaches.

CASHe is part of FACE (Fintech Association for Consumer Empowerment) and actively contributes to maintaining a secure financial ecosystem, it said. The platform reassured its dedication to safeguarding user data.