#FactCheck: Misleading Clip of Nepal Crash Shared as Air India’s AI-171 Ahmedabad Accident

Introduction

In the wake of the Spy Loan scandal, more than a dozen malicious loan apps were downloaded on Android phones from the Google Play Store, However, the number is significantly higher because they are also available on third-party marketplaces and questionable websites. 

Unmasking the Scam

When a user borrows money, these predatory lending applications capture large quantities of information from their smartphone, which is then used to blackmail and force them into returning the total with hefty interest levels. While the loan amount is disbursed to users, these predatory loan apps request sensitive information by granting access to the camera, contacts, messages, logs, images, Wi-Fi network details, calendar information, and other personal information. These are then sent to loan shark servers.

The researchers have disclosed facts about the applications used by loan sharks to mislead consumers, as well as the numerous techniques used to circumvent some of the limitations imposed on the Play Store. Malware is often created with appealing user interfaces and promotes simple and rapid access to cash with high-interest payback conditions. The revelation of the Spy Loan scandal has triggered an immediate response from law enforcement agencies worldwide. There is an urgency to protect millions of users from becoming victims of malicious loan apps, it has become extremely important for law enforcement to unmask the culprits and dismantle the cyber-criminal network.

Aap’s banned: here is the list of the apps banned by Google Play Store :

• AA Kredit: इंस्टेंट लोन ऐप (com.aa.kredit.android)
• Amor Cash: Préstamos Sin Buró (com.amorcash.credito.prestamo)
• Oro Préstamo – Efectivo rápido (com.app.lo.go)
• Cashwow (com.cashwow.cow.eg)
• CrediBus Préstamos de crédito (com.dinero.profin.prestamo.credito.credit.credibus.loan.efectivo.cash)
• ยืมด้วยความมั่นใจ – ยืมด่วน (com.flashloan.wsft)
• PréstamosCrédito – GuayabaCash (com.guayaba.cash.okredito.mx.tala)
• Préstamos De Crédito-YumiCash (com.loan.cash.credit.tala.prestmo.fast.branch.mextamo)
• Go Crédito – de confianza (com.mlo.xango)
• Instantáneo Préstamo (com.mmp.optima)
• Cartera grande (com.mxolp.postloan)
• Rápido Crédito (com.okey.prestamo)
• Finupp Lending (com.shuiyiwenhua.gl)
• 4S Cash (com.swefjjghs.weejteop)
• TrueNaira – Online Loan (com.truenaira.cashloan.moneycredit)
• EasyCash (king.credit.ng)
• สินเชื่อปลอดภัย – สะดวก (com.sc.safe.credit)
  

Risks with several dimensions

SpyLoan's loan application violates Google's Financial Services policy by unilaterally shortening the repayment period for personal loans to a few days or any other arbitrary time frame. Additionally, the company threatens users with public embarrassment and exposure if they do not comply with such unreasonable demands. 

Furthermore, the privacy rules presented by SpyLoan are misleading. While ostensibly reasonable justifications are provided for obtaining certain permissions, they are very intrusive practices. For instance, camera permission is ostensibly required for picture data uploads for Know Your Customer (KYC) purposes, and access to the user's calendar is ostensibly required to plan payment dates and reminders. However, both of these permissions are dangerous and can potentially infringe on users' privacy.

Prosecution Strategies and Legal Framework

The law enforcement agencies and legal authorities initiated prosecution strategies against the individuals who are involved in the Spy Loan Scandal, this multifaced approach involves international agreements and the exploration of innovative legal avenues. Agencies need to collaborate with International agencies to work on specific cyber-crime, leveraging the legal frameworks against digital fraud furthermore, the cross-border nature of the spy loan operation requires a strong legal framework to exchange information, extradition requests, and the pursuit of legal actions across multiple jurisdictions.

Legal Protections for Victims: Seeking Compensation and Restitution

As the legal battle unfolds in the aftermath of the Spy loan scam the focus shifts towards the victims, who suffer financial loss from such fraudulent apps. Beyond prosecuting culprits, the pursuit of justice should involve legal safeguards for victims. Existing consumer protection laws serve as a crucial shield for Spy Loan victims. These laws are designed to safeguard the rights of individuals against unfair practices.

Challenges in legal representation

As the legal hunt for justice in the Spy Loan scam progresses, it encounters challenges that demand careful navigation and strategic solutions. One of the primary obstacles in the legal pursuit of the Spy loan app lies in the jurisdictional complexities. Within the national borders, it’s quite challenging to define the jurisdiction that holds the authority, and a unified approach in prosecuting the offenders in various regions with the efforts of various government agencies.

Concealing the digital identities

One of the major challenges faced is the anonymity afforded by the digital realm poses a challenge in identifying and catching the perpetrators of the scam, the scammers conceal their identity and make it difficult for law enforcement agencies to attribute to actions against the individuals, this challenge can be overcome by joint effort by international agencies and using the advance digital forensics and use of edge cutting technology to unmask these scammers.

Technological challenges

The nature of cyber threats and crime patterns are changing day by day as technology advances this has become a challenge for legal authorities, the scammers explore vulnerabilities, making it essential, for law enforcement agencies to be a step ahead, which requires continuous training of cybercrime and cyber security.

Shaping the policies to prevent future fraud

As the scam unfolds, it has become really important to empower users by creating more and more awareness campaigns. The developers of the apps need to have a transparent approach to users.

Conclusion

It is really important to shape the policies to prevent future cyber frauds with a multifaced approach. Proposals for legislative amendments, international collaboration, accountability measures, technology protections, and public awareness programs all contribute to the creation of a legal framework that is proactive, flexible, and robust to cybercriminals' shifting techniques. The legal system is at the forefront of this effort, playing a critical role in developing regulations that will protect the digital landscape for years to come.

Safeguarding against spyware threats like SpyLoan requires vigilance and adherence to best practices. Users should exclusively download apps from official sources, meticulously verify the authenticity of offerings, scrutinize reviews, and carefully assess permissions before installation.

References

• https://www.bleepingcomputer.com/news/security/spyloan-android-malware-on-google-play-downloaded-12-million-times/#google_vignette

• https://www.gadgets360.com/apps/news/spyloan-malware-blackmail-extort-users-detected-play-store-4639194

• https://thehackernews.com/2023/12/spyloan-scandal-18-malicious-loan-apps.html

• https://www.the420.in/exposed-18-deceptive-loan-apps-google-play/

Introduction

Cybersecurity remains a crucial component in the modern digital era, considering the growing threat landscape caused by our increased reliance on technology and the internet. The Karnataka Government introduced a new ‘Cyber Security Policy 2024’ to address increasing cybercrimes and enhance protection measures for the State's digital infrastructure through awareness, skill development, public-private collaborations, and technology integration. Officials stated that the policy highlights various important aspects including raising awareness and providing education, developing skills, supporting the industry and start-ups, as well as forming partnerships and collaborations for enhancing capacity.

Key Highlights

• The policy consists of two components. The initial segment emphasizes creating a robust cyber security environment involving various sectors such as the public, academia, industry, start-ups, and government. The second aspect of the policy aims to enhance the cybersecurity status of the State's IT resources. Although the initial section will be accessible to the public, the second portion will be restricted to the state's IT teams and departments for their IT implementation.
• The Department of Electronics, IT, BT and S&T, the Department of Personnel and Administrative Reforms (e-Governance),and the Home Department, in collaboration with stakeholders from government and private sectors, have collectively formulated this policy. The Indian Institute of Science, the main institute for the state's K-tech Centre of Excellence for Cyber Security (CySecK), also examined the policy.
• The Department of Electronics, IT, BT and S&T, the Department of Personnel and Administrative Reforms (e-Governance),and the Home Department, in collaboration with stakeholders from government and private sectors, have collectively formulated this policy. The Indian Institute of Science, the main institute for the state's K-tech Centre of Excellence for Cyber Security (CySecK), also examined the policy.
• Approximately ₹103.87 crore will be spent over five years to implement the policy, which would be fulfilled from the budget allocated to the Department of Information Technology and Biotechnology and Science & Technology. A total of ₹23.74 crore would be allocated for offering incentives and concessions.
• The policy focuses on key pillars of building awareness and skills, promoting research and innovation, promoting industry and start-ups, partnerships and collaborations for capacity building.
• Karnataka-based undergraduate and postgraduate interns will receive a monthly stipend of INR 10,000- Rs15,000 fora maximum duration of three months under the internship program. The goal is to support 600 interns at the undergraduate level and 120 interns at the post-graduate level within the policy timeframe.
• Karnataka-based start-ups collaborating with academic institutes can receive matching grants of up to 50% of the total R&D cost for cybersecurity projects, or a maximum of ₹50 lakh.
• Reimbursement will be provided for expenses up to a maximum of INR 1 Lakh for start-ups registered with Karnataka Start-up Cell who engage CERT-In empanelled service providers from Karnataka for cyber security audit.
• The Karnataka government has partnered with Meta to raise awareness on cyber security. By reaching out to educational institutions, schools and colleges, it is piloted to provide training to 1 lakh teachers and educate 1 million children on online safety.

CyberPeace Policy Wing Outlook

The Cyber Security Policy, 2024 launched by the Karnataka government is a testament to the state government's commitment to strengthening the cyber security posture and establishing cyber resilience. By promoting and supporting research and development projects, supporting startups, and providing skill training internships, and capacity building at a larger scale, the policy will serve asa positive step in countering the growing cyber threats and establishing a peaceful digital environment for all. The partnership and collaboration with tech companies will be instrumental in implementing the capacity-building initiatives aimed at building cognitive and skill defenses while navigating the digital world. The policy will inspire other state governments in their policy initiatives for building safe and secure cyber-infrastructure in the states by implementing strategies tailored to the specific needs and demands of each state in building safe digital infrastructure and environment.

References:

• https://www.hindustantimes.com/cities/bengaluru-news/karnataka-govt-launches-new-cyber-security-policy-amid-frequent-scams-101722598078117.html
• https://ciso.economictimes.indiatimes.com/amp/news/grc/karnataka-govt-launches-new-cyber-security-policy/112214121
• https://cybermithra.in/2024/08/09/karnataka-cyber-security-policy/

• https://itbtst.karnataka.gov.in/storage/pdf-files/ITBT48ADM2021EngCABINET-GO.pdf

Introduction

In July 2025, the Digital Trust & Safety Partnership (DTSP) achieved a significant milestone with the formal acceptance of its Safe Framework Specification as an international standard, ISO/IEC 25389. This is the first globally recognised standard that is exclusively concerned with guaranteeing a secure online experience for the general public's use of digital goods and services.

Significance of the New Framework

Fundamentally, ISO/IEC 25389 provides organisations with an organised framework for recognising, controlling, and reducing risks associated with conduct or content. This standard, which was created under the direction of ISO/IEC's Joint Technical Committee 1 (JTC 1), integrates the best practices of DTSP and offers a precise way to evaluate organisational maturity in terms of safety and trust.  Crucially, it offers the first unified international benchmark, allowing organisations globally to coordinate on common safety pledges and regularly assess progress.

Other Noteworthy Standards and Frameworks

While ISO/IEC 25389 is pioneering, it’s not the only framework shaping digital trust and safety:

• One of the main outcomes of the United Nations’ 2024 Summit for the Future was the UN's Global Digital Compact, which describes cross-border cooperation on secure and reliable digital environments with an emphasis on countering harmful content, upholding online human rights, and creating accountability standards. 
• The World Economic Forum’s Digital Trust Framework defines the goals and values, such as cybersecurity, privacy, transparency, redressability, auditability, fairness, interoperability and safety, implicit to the concept of digital trust. It also provides a roadmap to digital trustworthiness that imbibes these dimensions. 
• The Framework for Integrity, Security and Trust (FIST) launched at the Cybereace Summit 2023 at USI of India in New Delhi, calls for a multistakeholder approach to co-create solutions and best practices for digital trust and safety.
• While still in the finalisation stage for implementation rollout, India's Digital Personal Data Protection Act, 2023 (DPDP Act) and its Rules (2025) aim to strike a balance between individual rights and data processing needs by establishing a groundwork for data security and privacy.
• India is developing frameworks in cutting-edge technologies like artificial intelligence. Using a hub-and-spoke model under the IndiaAI Mission, the AI Safety Institute was established in early 2025 with the goal of creating standards for trustworthy, moral, and safe AI systems. Furthermore, AI standards with an emphasis on safety and dependability are being drafted by the Bureau of Indian Standards (BIS). 
• Google's DigiKavach program (2023) and Google Safety Engineering Centre (GSEC) in Hyderabad are concrete efforts to support digital safety and fraud prevention in India's tech sector.

What It Means for India

India is already claiming its place in discussions about safety and trust around the world. Google's June 2025 safety charter for India, for example, highlights how India's distinct digital scale, diversity, and vast threat landscape provide insights that inform global cybersecurity strategies. 

For India's digital ecosystem, ISO/IEC 25389 comes at a critical juncture. Global best practices in safety and trust are desperately needed as a result of the rapid adoption of digital technologies, including the growth of digital payments, e-governance, and artificial intelligence and a concomitant rise in instances of digital harms. Through its guidelines, ISO/IEC 25389 provides a reference benchmark that Indian startups, government agencies, and tech companies can use to improve their safety standards.

Conclusion 

A global trust-and-safety standard like ISO/IEC 25389 is essential for making technology safer for people, even as we discuss the broader adoption of security and safety-by-design principles integrated into the processes of technological product development. India can improve user protection, build its reputation globally, and solidify its position as a key player in the creation of a safer, more resilient digital future by implementing this framework in tandem with its growing domestic regulatory framework (such as the DPDP Act and AI Safety policies).

References 

• https://dtspartnership.org/the-safe-framework-specification/
• https://dtspartnership.org/press-releases/dtsps-safe-framework-published-as-an-international-standard/?
• https://www.weforum.org/stories/2024/04/united-nations-global-digital-compact-trust-security/?
• https://economictimes.indiatimes.com/tech/technology/google-releases-safety-charter-for-india-senior-exec-details-top-cyber-threat-actors-in-the-country/articleshow/121903651.cms? 
• https://initiatives.weforum.org/digital-trust/framework 
• https://government.economictimes.indiatimes.com/news/secure-india/the-launch-of-fist-framework-for-integrity-security-and-trust/103302090 

‍