Zerodha CEO Warns: Fintech Apps Seek Risky Permissions

TECH
Whalesbook Logo
AuthorRiya Kapoor|Published at:
Zerodha CEO Warns: Fintech Apps Seek Risky Permissions
Overview

Zerodha founder Nithin Kamath is sounding the alarm on financial apps demanding excessive user permissions, like SMS and contact access, often disguised as security measures. He promotes the 'Principle of Least Privilege,' contrasting these invasive tactics with Zerodha's own privacy-first strategy, seen in its Kite trading platform. This comes as India strengthens its data privacy laws, like the DPDP Act, and SEBI pushes for better security, sparking a crucial discussion on user trust and data handling in the fast-growing fintech industry.

Instant Stock Alerts on WhatsApp

Used by 10,000+ active investors

1

Add Stocks

Select the stocks you want to track in real time.

2

Get Alerts on WhatsApp

Receive instant updates directly to WhatsApp.

  • Quarterly Results
  • Concall Announcements
  • New Orders & Big Deals
  • Capex Announcements
  • Bulk Deals
  • And much more
Add StocksGet it on Google PlayDownload on the App Store

Fintech's Trust Dilemma

This discussion by Zerodha's founder Nithin Kamath highlights a key challenge in India's fast-growing fintech industry: balancing security needs with user privacy. As apps ask for broad access to personal data, the trust vital for digital finance is at risk. This could change how companies attract and keep customers.

Digital Trust Under Fire

Zerodha CEO Nithin Kamath has publicly questioned the common practice of financial and banking apps demanding extensive user permissions, including access to SMS, contacts, and phone data. He argues these requests, often justified by security, go against the cybersecurity principle of least privilege, which states apps should only access the minimum data needed for their job. This suggests users are increasingly wary of data overreach, potentially creating a major trust gap in the digital finance market. Apps seen as too invasive might see slower user growth, no matter how useful they are.

Zerodha's Privacy Focus

Zerodha, a major Indian stockbroker valued at an estimated ₹30,000 crore, has built its reputation on a customer-focused approach that avoids aggressive data collection and marketing. Kamath pointed to Zerodha's Kite trading platform as an example, which operates without asking for any mobile device permissions. This deliberate design has built deep trust among its millions of customers. In a market where competitors like Groww and Upstox are growing, Zerodha's commitment to minimal data access makes privacy a key differentiator. This contrasts with other financial apps that might use more data-heavy models, potentially drawing more scrutiny and user complaints if they seem to violate privacy.

India's Data Protection Push

Kamath's comments come as India's regulators are strengthening data protection. The Digital Personal Data Protection (DPDP) Act of 2023 requires clear consent, minimal data collection, and accountability, with fines up to ₹250 crore for non-compliance. The Securities and Exchange Board of India (SEBI) is also actively improving investor security and trust. SEBI is requiring all registered financial intermediaries to use verified UPI handles (ending with '@valid') from October 1, 2025, to prevent fraud. SEBI also prevents regulated entities from working with unregistered advisors or those making unapproved return claims, increasing oversight on digital platforms. These efforts aim to create a more secure and trustworthy digital financial environment, supporting strong security while protecting privacy, including mandatory two-factor authentication, as Kamath noted. The Reserve Bank of India (RBI) has also issued lending guidelines, limiting data access and focusing on consent management, especially after borrower data misuse allegations.

Risks of Excessive Permissions

The continued use of intrusive app permissions poses significant risks for financial firms. Users may leave for platforms they see as more secure and respectful of their data, creating a competitive disadvantage for companies using aggressive data-gathering tactics. While Zerodha has not faced data misuse claims, the wider fintech sector is under scrutiny. A key risk is data breaches, which can be made worse by apps having extensive access. Furthermore, stricter regulations on app permissions could force costly changes for companies that rely on collecting a lot of data. The lack of transparency and common practice of bundled consent in many fintech apps also fuel user distrust, a weakness that privacy-focused rivals can exploit.

The Shift to Privacy by Design

The discussion started by Nithin Kamath points to a move towards 'privacy by design' becoming a core part of India's fintech sector. As users become more aware and regulations tighten, companies that focus on collecting less data and using clear consent methods will likely gain an advantage. This user-focused approach, matching India's strong data laws, could set the standard for lasting growth, building customer loyalty and strengthening digital financial services. The focus on privacy is expected to spur innovation in secure yet user-friendly interfaces, ultimately benefiting the entire digital economy.

Get stock alerts instantly on WhatsApp

Quarterly results, bulk deals, concall updates and major announcements delivered in real time.

Add Stocks
Disclaimer:This content is for educational and informational purposes only and does not constitute investment, financial, or trading advice, nor a recommendation to buy or sell any securities. Readers should consult a SEBI-registered advisor before making investment decisions, as markets involve risk and past performance does not guarantee future results. The publisher and authors accept no liability for any losses. Some content may be AI-generated and may contain errors; accuracy and completeness are not guaranteed. Views expressed do not reflect the publication’s editorial stance.