![\"\"](\"\/cise\/files\/2026\/04\/OlawaleHeadshot-475x636.jpeg\")
<\/p>\nDigital lending apps have transformed how people access credit in emerging markets, offering quick loans at the tap of a screen. But for many users, these apps carry hidden risks, ranging from aggressive harassment to privacy violations. As smartphones become the primary gateway to financial services in emerging markets, a Boston University PhD candidate uncovered how the data of millions of users\u2014and even their safety\u2014can be put at serious risk.<\/p>\n
<\/p>\n
Olawale Akanji<\/a>, a third-year PhD student advised by Manuel Egele<\/a> and Gianluca Stringhini<\/a>, recently earned the CISE Best Paper Award for his paper, \u201cThe Cost of Convenience: Identifying, Analyzing, and Mitigating Predatory Loan Applications on Android.\u201d<\/a> Akanji, who first published the paper at ASIA CCS \u201826<\/a>, focuses his research on security and privacy in Android applications. He became inspired to pursue this study by observing digital loan apps in his home country.<\/p>\n \u201cComing from Nigeria, I witnessed firsthand the damage these apps can do,\u201d he said. \u201cSome would send bulk messages to all of a user\u2019s contacts if a loan wasn\u2019t repaid in seven days. People\u2019s private information was shared publicly\u2014reputations were ruined.\u201d<\/p>\n This paper exposed widespread privacy violations in Android loan applications across Indonesia, Kenya, Nigeria, Pakistan, and the Philippines\u2014countries where smartphones are increasingly the primary financial platform. Early in his research, Akanji focused on understanding how these apps exploit the Android permission system. Many apps requested access to contacts, SMS, and call logs\u2014sometimes beyond what regulations allowed\u2014taking advantage of the fact that most users simply accept permission requests without fully understanding the privacy and security implications of granting such broad access. His first projects examined these mechanisms in detail, analyzing how custom permissions in the Android ecosystem expose users to privacy breaches.<\/p>\n He discovered that regulatory frameworks, while in place, were often ineffective and easy to bypass. \u201cGoogle came up with a regulation to guide the operations of these platforms, but the apps were able to circumvent them,\u201d Akanji explained. For example, an app might avoid requesting access to contacts directly\u2014as prohibited by law\u2014but still collect the same information through call log permissions. \u201cThis clever method lets them technically stay within regulations while still collecting data,\u201d he said.<\/p>\n Akanji\u2019s research project, LoanWatch, systematically evaluated 435 apps through a three-phase approach combining large language models, static code analysis, and dynamic runtime testing. First, large language models analyze regulatory documents to identify the exact data types apps are prohibited from accessing. Then, static analysis checks app code for evidence of data collection practices tied to these sensitive permissions. Finally, dynamic testing confirms whether the app actually collects and transmits user data during operation.<\/p>\n These pipelines allowed Akanji\u2019s team to build a chain of evidence linking app behavior to regulatory violations. Across their analysis, roughly 30% of apps approved on Google Play in certain countries were found to circumvent rules in ways that exposed sensitive data. The findings not only highlight gaps in enforcement but also show the potential for using the same technology to proactively protect users.<\/p>\n \u201cRegulations exist to protect users. These policies should be enforced proactively, not reactively,\u201d Akanji said. By providing tools to detect these violations before users are affected, Akanji\u2019s research advocates for pre-emptive enforcement of privacy and security policies. The approach could also be applied to other app categories that handle sensitive data, such as health and financial services, and across emerging markets in Latin America, Asia, Africa, and beyond.<\/p>\n Akanji and his team\u2019s work has already influenced enforcement: Google removed 93 flagged apps from the Play Store, and regulators in Nigeria are coordinating ongoing compliance checks\u2014changes that will inevitably reduce harassment and privacy breaches. By bridging the gap between policy and practice, the research is creating a model for how technology can enforce protections rather than merely provide them. Akanji is highlighting the hidden risks of digital lending and demonstrating how thoughtful analysis can hold developers accountable and protect millions of users. In the end, this project offers a roadmap for safer, more responsible digital ecosystems.<\/p>\n Akanji received his Bachelor of Science in Cyber Security from the Air Force Institute of Technology, Kaduna, in 2022, graduating with first-class honors. He served as an Airman in the Nigerian Air Force from 2012 to 2023, where his work centered on information security. During this period, he also worked as a Network Security Analyst at Galaxy Backbone Ltd in Abuja (2021\u20132022), focusing on securing enterprise network infrastructure. He is currently a 3rd-year Ph.D. candidate in Computer Engineering at Boston University, having previously completed his M.S. in Computer Engineering there with a focus on security and privacy-related research. At BU, he is a full-time student and researcher working on reverse engineering and malware analysis, building on his broader experience in system security. He is also a member of the Security Lab<\/a> (SeclaBU), where his research aligns with the lab\u2019s focus on identifying software vulnerabilities and abuse through program analysis and machine learning.<\/p>\n The CISE Best Student Paper Award competition is an annual competition at Boston University\u2019s Center of Information & Systems Engineering (CISE) that recognizes outstanding student research and promotes scientific excellence among CISE-affiliated students. Open to all Boston University students advised by a CISE faculty affiliate, submissions undergo a blind review process evaluated by both student and faculty committees, with awards selected based on reviewer assessments of quality, novelty, and impact. This year, the competition received 16 paper submissions across systems, security, and AI-related areas. Learn more here.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Digital lending apps have transformed how people access credit in emerging markets, offering quick loans at the tap of a screen. But for many users, these apps carry hidden risks, ranging from aggressive harassment to privacy violations. As smartphones become the primary gateway to financial services in emerging markets, a Boston University PhD candidate uncovered […]<\/p>\n","protected":false},"author":25938,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[26,205],"tags":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/posts\/43478"}],"collection":[{"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/users\/25938"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/comments?post=43478"}],"version-history":[{"count":5,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/posts\/43478\/revisions"}],"predecessor-version":[{"id":43486,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/posts\/43478\/revisions\/43486"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/media?parent=43478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/categories?post=43478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bu.edu\/cise\/wp-json\/wp\/v2\/tags?post=43478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"\/cise\/files\/2026\/04\/Screenshot-2026-04-27-at-14.34.22-636x476.png\")
One of Akanji\u2019s advisors, CISE Faculty Affiliate and Associate Professor Gianluca Stringhini (ECE), emphasized the broader significance of the work, noting that cybersecurity research is often criticized for being Western-centric and focused primarily on threats affecting users in the United States and Europe. \u201cThis raises awareness about other threats than those we are used to here in the US,\u201d he said. \u201cI\u2019m glad our research helped keep users in Nigeria and other countries safe.\u201d<\/p>\n