If you’re an avid user of social media in Kenya and a keen follower of whatever is happening on Twitter and other platforms, then you may have noticed something peculiar these last few days.
Twitter influencers had all switched their avatars to this:
Unknown to many (at that time), the image is the logo of a new service that, as far as I know, went live today after a few days of teasing and hype. The service is called XtraValue and it has Android and iOS applications available on the respective mobile app stores, through which users can sign up to receive discount vouchers for anything from beers, milkshakes and pastries to Uber rides every time they top up airtime on their mobile phones. At least that’s what it says it does.
On paper, that seems noble. I mean, who doesn’t want an extra free something? Until you get to the app’s sign-up process itself.
The app asks for a few personal details like phone number, age, email address and what have you. Just the basics that, normally, most services would ask for. But then I decided to check the terms and conditions (who does that?). Guess what I found tucked nicely in there?
You agree that we may collect, use and share certain information regarding the contacts contained in your devices’ phone book (all Contact information) for promotional and marketing purpose and also share it with any third party in accordance with the Privacy Policy. By allowing the Contact Information to be collected, you give XtraValue and/or Direxions Kenya Limited a right to use the Contact Information as a part of the service provided by XtraValue and/or Direxions Kenya Limited, and you guarantee that you have any and all permissions required to share such Contact Information with us.
Yup, that.
Read the fine print, people.
On closer inspection, the app appears to need only one’s contacts and nothing else. This shouldn’t be of much concern to users on Android Marshmallow and up, since they can simply deny the app permission to harvest their phone books when it asks to, as soon as one completes signing up and starts using it. I am not sure if one can continue using the app after doing that, since I aborted my sign-up process after reading the terms and conditions. iPhone users and the rest of the Android device users (who should be a majority since Android 6.0’s reach is quite minimal at the moment), however, need to have this in mind when signing up for or using the app.
The entire terms and conditions of the app/service require some fine reading, since you’ll be shocked at what you’re signing up for, but for now, the privacy concerns are too overwhelming to be brushed aside.
I’ve reached out to XtraValue and will update this article if and when I hear back from them.
Update 29th September 2016 at 5PM
We have since heard back from the folks behind the app, and here’s an excerpt from the Direxions Kenya CEO’s response to our queries about the app scraping contact data and the company selling it off to third parties, as indicated in the terms and conditions:
…we at XtraValue value our customers’ privacy and would not do anything to compromise that. We have taken a lot of feedback from users like yourself and made our terms and conditions even more explicit and clearer on our privacy policy. You can find the updated terms in the terms and conditions tab on our app menu. Our app provides the feature for users to top up any prepaid number from their phone book and as such needs access to their phone book. We do not store any phone numbers from the users’ contact book. Similarly, our app allows users to upload their picture to update their profile on the app. As such, the app needs access to users’ gallery or storage device where the pictures are stored. This storage differs from device to device and as such the play store includes all such storage media when it informs the person downloading any app.
Furthermore the user always has the option to change access settings to any app in their settings menu on their device to be absolutely secure and aware of what access they provide to what apps.
The terms of use have, as a result, been updated to reflect this.
A statement posted on the app’s social media pages reads:
We respect the privacy of our data and we do not pass on this data to anyone apart from the services which need this. For example, the top up provider needs access to your number to top up your phone. The payment gateway needs your number to receive money from your number.
We are amending our terms and conditions to make it more explicit and clear that we do respect your privacy and we do not store any information over and above what is needed for servicing your requirements on our app.
The revised terms shall soon be updated on your app.