I’ve got a Problem with Koko!
Before the arrival of Mintpay and Koko “Buy Now Pay Later” or interest-free easy payment schemes were available only to Credit Card holders and buyers with guarantors (as far as my knowledge permits). The aforesaid Fintech apps however allow consumers to pay in instalments using even a debit card. Apps like Koko by Daraz let you pay even for a pair of pants or a shirt with interest-free instalments. Sounds fantastic, or is it? Recently while fooling around with the Mintpay app, I realized it doesn’t have Multi-Factor Authentication and wanted to see whether Koko is the same. Forget about Multi-Factor Authentication. What happened after installing the app was a total invasion of my online privacy (Even before making my first purchase through the app). Keep on reading to find out what happened. I hope my thoughts will help you protect your privacy if you are planning to use the app in future. [Image Credit: Mayur Roshen from SR Productions]
Koko’s dodgy App Permissions
Unsolicited & Unethical Emails
I call emails from Koko to be unsolicited on the account of three grounds. First, I did not sign up for an electronic newsletter. Never! Second, the frequency. I receive marketing emails from them almost every day and sometimes more than one email within 24 hours. Third I can’t opt out of their marketing emails because there’s no way to unsubscribe. They’re not supposed to contact me via my login email address unless it’s a must. Not for marketing purposes. These reasons make their emails highly unsolicited.
It is illegal in many countries, including the US and the EU, to send unsolicited email newsletters without including an option for recipients to unsubscribe. This is in accordance with laws such as the CAN-SPAM Act in the US and the General Data Protection Regulation (GDPR) in the EU. Sri Lanka probably doesn’t have any rules and regulations governing email campaigns and Daraz and Koko may be taking advantage of the loophole. It makes these email communications highly unethical.
High-volume Push Notifications
As if bombarding me with unsolicited and unethical emails isn’t enough the Koko app is very good at frequently annoying me with high volumes of “Push Notifications”. Although it’s not illegal for smartphone apps to push notifications without the end user’s consent, receiving such large volumes of “Push Notifications” being pushed for promotional purposes is a major annoyance. Fortunately, I am quite tech-savvy and I was able to block further push notifications using the settings in Android. If you want to know how to check these instructions from Google and Apple.
A tweet by one Andrew Lewis that is being mass-retweeted says, “If you are not paying for it, you’re not the customer; you’re the product being sold.” Now whatever you order through Koko you have to pay for it. However, when a business establishment offers you an attractive deal it’s because they have something big to gain. Not because they care about your well-being. In this case, it’s the data about you. (In this century the most valuable commodities are time and data.) Although On March 18th, 2022, Sri Lanka enacted the Personal Data Protection Act, No. 9 of 2022 (the “Act” or “PDPA”) thereby becoming the first South Asian country to enact comprehensive data protection legislation, I am not certain how effective it is. Besides the law can be misinterpreted, exploited, and manipulated. I do not know whether Koko is guilty of the same but I do have a problem because of my experience with the app.
I seek to foster thoughtful and respectful dialogue. Toward that end, I require that you use your full name when commenting. Also, any comments with profanity, name-calling, and/or a nasty tone will be deleted.