With the way apps are tracking every move, I’ve personally had to block countless notifications and witnessed NBFC apps pulling shady moves like hiding closure requests. A lot of tech today is about exploiting user data, not respecting it.
Most apps today have become unusable. They bombard users with irritating notifications, spam messages, and dark patterns, and many are downright scammy.
Without your knowledge, numerous apps on your phone track and harvest extensive data: which apps you’ve installed, how you use them, the content of your emails and SMS, media on your device, and more.
What’s truly disturbing is that some apps track usage not just within their own environment but across other apps too. This means your most personal data is being harvested without your consent and sold to companies for shady targeting purposes.
At Zerodha, we’re different. We only request app permissions that are genuinely necessary for functionality. We don’t send unnecessary push notifications, messages, or emails. We don’t peddle useless financial products or push you to trade for the sake of “engagement.”
"Not doing unto others what we don’t want done unto us is deeply rooted in our philosophy."
Really appreciate this article and the vision Zerodha has. There are apps which ask for permissions like SMS, location, read emails, etc.
If we list the permissions in a spreadsheet for all apps, people will stop using them.
I don’t know any broker who has the courage to share how they use your data.
A while back, I checked the permissions requested by top broking apps, and I was surprised.
Here are the screenshots showing the comparison between permissions required by top broking apps and Zerodha.
I don’t think it’s directly comparable. These apps let you sign up through the app. Zerodha only has web sign up so it doesn’t need to ask for these permissions and it asks on browser. Permissions like location and camera are needed for sign up verification.
Not that these aren’t shady. I’ve seen Angel One ask for permission to pull credit reports for someone who is never interested in MTF.
Dhan has annoying notifications about market, US, etc.
Just curious — how can biometric features like Face ID work without camera access?
Since Face ID relies on biometric hardware, doesn’t it still require access to the camera software for authentication?
Camera access permission sought by apps is explicitly for using cameras to take pictures.
This is different from biometric permission. For biometric auth permission, the OS abstracts all required hardware behind it (e.g., infrared camera, dot projector, proximity sensors, front camera, fingerprint reader) and does the auth. The OS simply tells apps whether auth was successful or not without giving access to any hardware or any underlying biometric information.
If you want to check the permissions required by an app (if your app isn’t in the screenshots above), go to the Play Store, tap on “About this app,” scroll down, and tap on “App permissions.”
@siva Well, I do trust my broker — I take what they say at face value as correct and true, unless I come across something that proves otherwise. But saying that is like claiming a car runs purely because of the engine and the tires aren’t actually used — as if it’s all the engine doing the work?
It’s more like we only have access to the steering wheel and can only interact with that. Everything else that happens while driving is abstracted away by the apparatus. Similarly, for biometric auth, we invoke the OS’s biometric auth function – the OS then takes over, does the actual auth and passes back a success/fail status.
Agreed that the app has much less spam and fewer permissions. But, AFAICS, you still do use Google trackers with referrer and Ad ID permissions with no way to opt out.
No app will have any idea of or access to biometrics in any OS. It just asks the OS to authenticate. The OS will send yes/no to the app based on your action. The app has to take action on that.
I really appreciate Zerodha for maintaining such transparency.
In a country like India, where privacy has no value for the majority of the population, I wanted fellow members at TQnA to tell whether they are using any digital products which simply don’t spam or spy on us. (Apart from Broker Suggestions)
On the permission front, other than AdId/Referrer permissions etc., consider removing broad access permissions like
write(read) to external storage
It asks for this permission to download reports from console (inbuilt web app). Any permission can be justified, like camera for face authentication (non-OS based), etc. However, I believe it is not compliant with the zero trust model and is far-reaching. In case of hacking, anyone who controls the app can get extra access to all of the device’s storage/photos, etc. For downloading reports, I’m pretty sure you don’t need storage permission at all when downloading with the download manager.
But in case of technical difficulties, consider
Downloading to app private storage and use share menu to share anywhere
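The permission listing suggested earlier in the thread can be scripted. The following is an added example, not part of any post above and not Zerodha's code: it reads a decoded (plain-text) `AndroidManifest.xml` and sorts the declared permissions into the groups discussed here. The sample manifest, the package name `com.example.broker` and the category names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permissions raised in this thread, mapped to what they expose.
BROAD = {
    "android.permission.READ_SMS": "SMS content",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.CAMERA": "camera capture",
    "android.permission.READ_EXTERNAL_STORAGE": "shared storage (photos, files)",
    "android.permission.WRITE_EXTERNAL_STORAGE": "shared storage (photos, files)",
    "android.permission.QUERY_ALL_PACKAGES": "list of installed apps",
}
TRACKING = {
    "com.google.android.gms.permission.AD_ID": "advertising ID",
    "com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE": "install referrer",
}
# Biometric prompts are run by the OS; the app never touches the sensors.
OS_MEDIATED = {"android.permission.USE_BIOMETRIC", "android.permission.USE_FINGERPRINT"}

# Constructed sample manifest (hypothetical app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.broker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.USE_BIOMETRIC"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" android:maxSdkVersion="28"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
</manifest>
"""

def audit(manifest_xml):
    """Return (permission, category, note) for each declared permission."""
    rows = []
    for el in ET.fromstring(manifest_xml.strip()).iter():
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        name = el.get(ANDROID + "name", "")
        if name in BROAD:
            category, note = "broad", BROAD[name]
        elif name in TRACKING:
            category, note = "tracking", TRACKING[name]
        elif name in OS_MEDIATED:
            category, note = "os-mediated", "OS returns success/fail only"
        else:
            category, note = "other", ""
        max_sdk = el.get(ANDROID + "maxSdkVersion")  # permission limited to older API levels
        if max_sdk:
            note = (note + f"; only requested up to API {max_sdk}").lstrip("; ")
        rows.append((name, category, note))
    return rows

if __name__ == "__main__":
    for name, category, note in audit(SAMPLE_MANIFEST):
        print(f"{category:12} {name}  {note}")
```

The manifest inside an APK is stored in a binary form, so it has to be decoded to text before it can be fed to `audit`.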