If you’re an avid user of social media in Kenya and a keen follower of whatever is happening on Twitter and other platforms then you may have noticed something peculiar these last few days.
Twitter influencers had all switched their avatars to this:
Unknown to many (at that time), the image is the logo of a new service that, as far as I know, went live today after a few days of teasing and hype. The service is called XtraValue and it has Android and iOS applications available on the respective mobile app stores through which users can sign up to receive discount vouchers for anything from beers, milk shakes, pastries and Uber rides every time they top up airtime on their mobile phones. At least that’s what it says it does.
On paper, that seems noble. I mean, who doesn’t want an extra free something? Until you get to the app’s sign up process itself.
The app asks for a few personal details like phone number, age, email address and what have you. Just the basics that, normally, most services would ask for. But then I decided to check the terms and conditions (who does that?). Guess what I found tucked nicely in there?
Read the fine print, people.
On closer inspection, the app appears to only be in need of one’s contacts and nothing else. This shouldn’t be of much concern to Android Marshmallow (and up) users since they can simply deny the app permission to harvest their phone books when it requests to as soon as one completes signing up and starts using it. I am not sure if one can continue using the app after doing that since I aborted my sign up process after reading the terms and conditions. For iPhone users and the rest of the Android device users (who should be a majority since Android 6.0’s reach is quite minimal at the moment), however, they need to have this in mind when attempting to or using the app.
The entire terms and conditions of the app/service require some fine reading since you’ll be shocked what you’re signing up for but for now, the privacy concerns are too overwhelming to be brushed aside.
I’ve reached out to XtraValue and will update this article if and when I hear back from them.
Update 29th September 2016 at 5PM
We have since heard back from the folks behind the app and here’s an excerpt from the Direxions Kenya CEO’s response to our queries on the app scraping off contact data and them selling it off to third parties as indicated in the terms and conditions:
Furthermore the user always has the option to change access settings to any app in their settings menu on their device to be absolutely secure and aware of what access they provide to what apps.
A statement posted on the app’s social media pages reads:
We respect the privacy of our data and we do not pass on this data to anyone apart from the services which need this. For example, the top up provider needs access to your number to top up your phone. The payment gateway needs your number to receive money from your number.
We are amending our terms and conditions to make it more explicit and clear that we do respect your privacy and we do not store any information over and above what is needed for servicing your requirements on our app.
The revised terms shall soon be updated on your app.