I believe it is expedient to educate people on how this process works so that they can be well-informed and make better decisions, rather than being tossed to and fro.

When you grant permission to loan apps to access your contacts, a background service is initiated in your Android Kernel the moment you open their apps and perform tasks such as filling out your KYC (Know Your Customer) and applying for a loan. Typically, it takes between 2 to 10 minutes to harvest your contacts and send them to their server. They can code this process in two ways: either sending all contacts at once or one by one. A well-developed app will pick, for example, the first 500 or 1000 contacts and send them as a packet (similar to a pack of matches).

Upon reaching the loan app server destination (Endpoint[POST]), several checks are carried out by the loan apps:

Check 1: Is the customer new, and do they have existing contacts with us?

Check 2: How many contacts do we need to store in our database?

Check 3: Do we need to delete initial records and add the most recent contacts?

Check 4: Should we update the contact's phone number if the new contact already exists in our database? We will use either the phone number or name to check if it exists.

Check 5: Can we add the record to the existing records until it reaches our threshold of, for example, 500, or should we add as many contacts as possible?

Check 6: Only add numbers that start with +234 or 080 and have a total of 11 or 14 digits.

Check 7: Where will the contacts be stored? Is it in a database, as text, as an Excel file, or in NoSQL?

In Case 1: If they decide to activate Check 3 by first deleting all records before inserting new ones, the assertion that syncing fake contacts will replace the old ones will be true. But is unlikely to happen because many of these apps are developed by senior developers, and ethically, it is considered bad practice to hard delete such information.

In Case 2: If they decide to update existing records that already exist, then customers have a good chance of replacing their contacts with fake ones provided the condition is to check by customer name and not phone number.

In Case 3: If they choose not to use the first two cases, customers' contacts are added to the list until it reaches their threshold, which in most cases may be 500 or sometimes unlimited. Customers are left with no option but to hope that if they send messages to their contacts, the fake contacts will be picked up.

For those who claim they can help you wipe your contacts, they are deceiving you. In most cases, they will tell you to download and install an APK (Name Withheld) that will clone the loan apps so you can disable the app requesting permission and still use the app. (You know you cannot access a loan until you give them access, right?) This Root App will disable all those permissions, and you'll still be able to request a loan. However, they have forgotten that you only hack the APK on your phone, not their server. You still need to send your information to their database for final processing.

It is not possible to wipe your account from their database unless:

1. You are the administrator of their business.

2. You work in the IT department where you have access to customer information and have the privilege to delete records.

3. You hack into their server. Remember, hacking is not trivial, and sometimes it takes several months to succeed. Besides, we have over 400 loan apps in Nigeria, and many are hosted on different servers. So the question is, how many servers do you want to hack for a thousand naira loan shark victims who want to pay? (Where is the logic?)

Solution

Although you may decide to synchronize fake contacts and try your luck, in my opinion, it is better to let go and stop paying once they defame you. Ask anyone who has been seriously affected by defamation, and they will tell you it doesn't work. Just because you were not defamed by loan apps does not mean that all loan sharks defame. 

Some of them will not defame you but will pose as if they have defamed you. Some will pose on their Instagram and Facebook accounts and tag you just to scare you. If you check the handle, you will notice that they barely have up to 50 followers. And if they siphon you and run you dry, they will check the amount they have collected from you through your constant repayment. If it exceeds the money you are running away with, they are unlikely to defame you.

The bottom line is

- Once they defame you, do not pay back.

- Only pay back those who did not defame you the capital and initial interest.

- Never pay for overdue interest.

- No one can block your BVN.

- By law in Nigeria, the Credit Reporting Act mandates that negative information such as loan defaults can stay on your credit report for a maximum of seven years.

I hope this clarifies the situation.  

This is coming from a victim of 35 loan apps, with 12 years of experience as a software developer and cybersecurity analyst.  

Cheers