Daybreak - What Swiggy, Zepto & Cred know about your phone
Episode Date: August 26, 2025In March this year, a software developer that goes by Pea Bee online published a blog rather ominously titled ‘Everyone knows all the apps on your phone’. He found that several Indian ap...p-based startups are flouting rules of Google Play—Android’s app store—to access people’s data. In particular, some apps use a workaround to scrutinise the names and usage patterns of other apps on people’s phones. In real time.Now, the fact that apps have a lot of your data may not be a surprise to you. We’ve been pretty cavalier about our data for some time now. Remember Digi Yatra? But the scary thing is that Indian companies are equally nonchalant about the user data they collect. The result? Data-security breaches have been on the rise. So what is a data conscious Indian customer to do? Tune in. *This episode was originally published on May 13 2025.Daybreak is produced from the newsroom of The Ken, India’s first subscriber-only business news platform. Subscribe for more exclusive, deeply-reported, and analytical business stories.One channel. Every show. No more switching feeds. Follow The Ken on Apple Podcasts or tune in on The Ken app.
Transcript
Discussion (0)
Hi, this is Rohan Dharma Kumar.
If you've heard any of the Ken's podcasts, you've probably heard me.
My interruptions, my analogies and my contrarian takes on most topics.
And you might rightly be wondering why am I interrupting this episode too.
It's for a special announcement.
For the last few months, I and Sita Ramon Ganesh, my colleague and the Ken's deputy editor,
have been working on an ambitious new podcast.
It's called Intermission.
We want to tell the secret sauce stories of India's greatest companies.
Stories of how they were born, how they fought to survive, how they build their organizations and culture,
how they manage to innovate and thrive over decades, and most importantly, how they're poised today.
To do that, Sita and I have been reading books, poring over reports, going through financial statements,
digging up archives, and talking to dozens of people.
And if that wasn't enough, we also decided to throw in video into the mix.
Yes, you heard that right.
Intermission has also had to find its footing in the world of multi-camera shoots in professional studios, laborious editing, and extensive post-production.
Sita and I are still reeling from the intensity of our first studio recording.
Intermission launches on March 23rd.
To get alert, as soon as we release our first studio.
episode, please follow intermission on Spotify and Apple Podcast or subscribe to the Ken's YouTube
channel. You can find all of the links at the ken.com slash I am. With that, back to your episode.
Hi, I'm Rohan Dharma Kumar, the host of First Principles and the co-host of the 2x2
podcast. Hi, I'm Rahil, the host of 90,000 hours, the Ken's newest podcast about the future
of careers and workplaces. And I am Snigdash.
Sharma, the host and producer of Daybreak, our daily business news podcast.
I'm Praveen Gopal Krishna.
I'm also the co-host of 2x2 and the host of the best podcast of the Ken.
It's called The Nutgraff.
I'm also the ghost of Sita Rahmanji, who's the producer and host of Make India Competitive Again.
That's the other premium podcast that we've missed.
And Brady.
And Brady.
So we have a lot of podcasts.
So that's six podcasts.
each of which covers a completely different topic
and offers unprecedented insight,
if I may say so myself.
No, but actually that's true.
First principles is about leadership, 90,000 hours.
Of course it's true.
What do you mean?
But it's true.
No, no, no.
I just realize now that we sat together.
90,000 hours is about careers.
Daybreak is about news and what's happening.
The Nuttgraph is about connections
and 2x2 is our business strategy.
PGK, just a question.
Did you think that when we come up with new podcasts at the Ken,
we don't think if they over.
If they overlap with each other or not.
No, I just realized now that this is all together.
It's nice.
But yes, but why are we here?
We are here because we're here to make a very special announcement.
Up until now, a lot of people assumed that the only way to access our very many podcasts
was by having an annual subscription.
We're here to tell you that's not the case anymore.
And not an annual subscription to the Ken.
You can actually access it by subscribing to the Ken on Apple Podcasts for a monthly plan.
So you could actually try us out by signing up for a monthly subscription,
check out all our premium podcasts,
and if at the end of the month you don't feel you liked it enough,
you can unsubscribe.
But I tell you, I challenge you, you're unlikely to do that.
Because we put out a pretty solid podcast.
All the details will be in the show notes of this episode.
In March this year, a software developer that goes by P.B. Online
published a blog rather ominously titled,
everyone knows all the apps on your phone.
So, PB is a software developer based in India,
and software developers in India are, you know, from my understanding,
like, many of them are not very concerned with privacy,
but a few of them are, and PB is one of them.
He was looking at what kind of app permissions,
different apps on your phone had.
This is specific to Android phones.
And he found out that a lot of apps,
especially from Indian app-based startups.
We're very interested in finding out what other apps are installed on users' phones.
That's my colleague Abirami-ji.
Pee-B told her over a phone call last month that these startups were actively flouting Google Play's rules to access people's data.
Now, this may sound extreme, but essentially that means that that mobile phone you're carrying around in your pocket every day?
Well, it's actually a data funnel spying on your every move.
For context, until up to 2020 or now, 2022,
Google Play, as per Google Play rules, you know,
apps had like, you know, apps were basically even free reign to look at what other apps are on your phone for like various purposes.
But I think in around 2020, is when they stopped giving out these permissions willingly.
They were like, okay, you know, unless there is a specific reason why you need to like look at what other apps are on people's phones,
you shouldn't be looking at these.
But many of these times.
startups have figured out a workaround.
Despite Google's efforts, these startups,
and by that I mean well-known companies like Swiggy, Zepto and CRED,
are still able to see a lot of the other apps and activities on your phone.
We'll get into how in a little while.
But before that, let's try and understand why.
What do they do with that data?
Profiling, because, you know, when you are an internet-based startup,
you need as much data about your users as possible.
So, you know, if you know what all apps are on someone else's phone,
you can have a fairly solid picture of what kind of person they are.
Think about it.
Maybe you have a couple games like Candy Crush or Counterstrike on your phone.
Maybe you have some gambling apps.
Perhaps you're a frequent user of one particular kind of social media platform.
All that data helps these apps paint a picture of the sort of person that you are.
And more often than not, it's a fairly accurate picture.
Now, the fact that apps have a lot of your data may not be a surprise to you.
We've been pretty cavalier about our data for some time now.
Remember Digiata?
Well, 9 million of us quite happily gave up our biometric details
just to make that airport rush a little more bearable.
About a year ago, a report by Pricewaterhouse Coopers revealed that a fifth of Indian consumers
weren't even aware of the Digital Personal Data Protection Act, let alone their rights as
consumers. But the scary thing is that Indian companies are equally nonchalant about the user data
they're collecting. And the result? Well, data security breaches have been on the rise. The latest
one was the February breach at stockbroker Angel 1 that impacted nearly 8 million customers. So,
what is a data-conscious Indian customer to do? All right, Rahil. In the words of the famous
Kardashian sisters, bye, get out.
Wow, that's harsh after a whole year.
I didn't mean that.
Okay, hi listeners, I'm your host, Nidha.
And today we're here to make a bit of a bittersweet announcement.
As you know, daybreak is almost turning three this year,
at the end of this year.
And we have crossed ever since Rahal came into the picture more than a year ago.
We have crossed some really important milestones like 1 million downloads,
then 2 million downloads.
than more than 500 episodes.
But now, Rahel is moving on to her own podcast.
I have my own reference to make for the 90s and 2000s kids.
This is a high school musical reference.
I got to go my own way.
At Ken.
I've launched a new podcast.
It's called 90,000 hours.
I will link it in the show notes.
But as far as daybreak is concerned,
we have some really exciting things lined up for the next chapter of daybreak,
where almost three years of,
old. The biggest change is
drum roll please.
She's sitting right here in our studio right now.
Hi guys, I'm Rachel Virgis and I'm new here at the Ken
and I'm going to be taking over for Rahel starting next week.
Rahel, Rachel. Is it a coincidence? Is it not? Is it the Mandela effect?
Do you want people to think Rachel's been here all along?
Maybe. I wouldn't know because you guys chose me to be here.
Maybe just because of your name you were hired.
Hopefully that doesn't stay the case.
But everybody at the office has already been mixing us up together.
Our audio engineer is also, his name is Rajiv.
So we've been referred to in the collective.
Multiple times.
But hopefully this won't be too confusing for too long and we'll all get used to it soon.
But let's set the record straight.
Rachel is very much her own.
person with a very interesting career so far.
Really interesting perspective she's bringing to the podcast.
Rachel, take it away.
Tell us who you are.
Right.
So a few months ago, I graduated from Ashoka University with a master's in English.
Before that, I did my bachelor's in journalism.
And between all of that, I was working at a startup that was offering consulting services
for women-founded businesses.
So that's where my interest in business and startups comes from.
and hopefully that's something that I'm bringing to daybreak.
I've been listening to Daybreak for a while and ever since I knew I'm going to be joining the team,
I've been laughing to myself about the Rahel Rachel coincidence.
But what's the most exciting thing right now for you about being a part of the Daybreak team?
Well, mostly it's the fact that I'll be hosting a podcast for the first time.
I've been a huge fan of the medium.
I love listening to podcasts, especially when I'm going about my day, doing things.
I think Snickda and Rahel are incredible companions to have on.
We didn't pay her to do this.
Yeah, no, this is not a paid promo.
But yeah, they've been incredible companions as I go throughout my day
and probably the reason why I am pretty comfortable with business journalism at the moment
because they really break things down and make the jargon feel not so intimidating.
That's so nice of you to stay.
But tell our listeners when you go live, what is your?
episode they should be looking out for.
So I go live next Monday.
My first episode is about
succession coaches.
These are basically the super consultants
who are making things easy for family
businesses that are going through power transitions.
So look out for that.
I hope you guys are looking forward to it.
I'm looking forward to it.
And I'm very excited to be on here.
Amazing.
And Rahel, I hate you
for leaving me.
I honestly hate that I'm leaving too,
because I love daybreak and I love what we do every single day.
But I'm so, so excited and so proud of you for your new podcast.
By the way, listeners, three episodes are already out.
The third one, especially, is a favourite of mine.
Rahil, please tell our listeners about the American Dream episode.
Thanks, Nika. For starters, I could not have done it without you.
Genuinely, we have the best team here.
But like, let me just tell you a little bit about my new podcast.
It's called 90,000 hours.
It's about the future of careers and workplaces.
We are officially three episodes old.
We drop episodes every alternate Tuesday.
The latest episode that Snickta was being very kind about
is about how the American dream is evolving for Indian students.
It's quite interesting.
We have a lot of varied perspectives,
a lot of voices from the ground,
a lot of experts speaking about it,
and that's what this podcast early is.
It's a premium podcast,
which means that all the episodes are behind a paywall,
but we do unlock our episodes every four weeks.
Special announcement, the first free episode actually just released this week.
Do check it out.
It's about pickleball and networking.
There's also a newsletter that goes out every alternate week.
So, I mean, I guess, as they say, watch this space.
But yeah, so this is my final episode of Daybreak as host and producer.
I hope to be on this podcast as much as possible.
you know, feature on it.
You don't have a choice.
You don't have a choice.
But yeah, it's been absolutely wonderful.
And thank you.
Yeah, and really warm welcome to...
Very warm welcome.
Rachel Verghis.
Thank you.
All right.
Now, back to the episode.
You know those nudges you get from time to time?
Swigil ask you if you're hungry and craving a burger.
Or a loan app like, say, credit B will tell you to complete your half-finished application.
Well, the goal of these...
nudges is naturally to improve customer experience and prevent cancellation.
But some of them are more targeted than others.
For instance, a deep tech VC Abhi spoke to said many apps use data sets from the aggregator
data.com. AI, which was formerly known as app Annie.
It does a lot of data analytics above which are specific to apps on people's phones.
and what the VC explained to me was that
I mean this is probably like more complex than this
but you know app and these like tracking tools
come bundled with certain apps
and you know like they get installed
and like share the same permissions as this thing
we are basically piggybacking on these apps
and they can check okay like you know
how much time did you spend on this particular app
how much time on that particular app
and they collect this kind of data
they aggregate it and like they group it by you know
know, like, personality and, like, you know, like, user profile.
Like, say, like, if you are a user between 18 and 25 who lives in Indranagar and, like,
you know, and, like, works a journalism job, this is the kind of, like, thing that you are
likely to do.
These are the apps you are likely to access for most periods of time.
And you can, and they can, like, bundle up this data and sell it to people who want to buy
it, which in many cases might be, you know, like, startups who want to, like, understand the
kind of profiles.
and maybe like, you know,
use this information to target people in this areas more specifically.
So, hypothetically, a platform like data.coma could potentially go to say Swiggy
and tell them that people in a particular demographic, like 19 to 25,
are spending far more time on Zomato.
Swiggy can then figure out how to double down on that particular user base.
And that's not all.
A lot of apps themselves harvest competitors' data from you.
For instance, if you sign up for ZepiPi,
Postpaid, the app will ask you for permission to read your bank's SMSes to you,
apparently to check if you're eligible for the plan.
But in the process, P.B told Abi that they also read messages from all their major competitors,
including the likes of Swiggy, Zomato, Blinket, Big Basket and FlipCart.
It's very grey.
I think, like, the SMS permission, for instance, like is something that Zepto was
originally supposed to use for, like, you know, say, like, reading OTP.
piece of your bank providers, like this thing, for instance,
or checking which all, like, you know, banks or which all, like, financial apps
are sending you SMS.
But, you know, along with that, they have just, like, you know, put in, like,
Blinket and Swiggy and all of these other guys that are the competitors,
just for them to know how much you are ordering from them.
Since 2022, Google has expressly forbidden companies from seeing other installed apps on your
phone unless it's absolutely essential to an app-based startup's core functionality.
But like Abi mentioned,
startups have been rampantly abusing this provision.
Peeb said one way they do it
is by individually listing out
every app on a user's phone that they want to check for.
And there's more. Stay tuned.
Peeb made an interesting point in his blog post back in March.
He found that Swiggy in particular
wasn't just harvesting data from consumers,
but also from the gig workers that it was employing.
Gig workers are obviously the most exposed
because, you know, gig worker apps harvest, like, data that is different from those who are consuming it.
Because, you know, you look for competitors' apps.
Like, if you are a Swiggy Delivery Driver and you have the Swiggy Delivery Driver app,
they'll look for, like, you know, Zeptos, they'll look for Blinkets, they'll look for Porter,
they'll look for Uber and Nola and, like, Rapido and all of these other, like, this thing.
Mainly to me understand, like, you know, which all other, like, competitor, like, apps, these guys are
working for. It'll also check to see if they have personal finance or loan apps on their phone to
understand who is in debt. It'll also check for gambling apps like Rami King to assess who's likely
to go into debt. Meanwhile, the consumer-facing app harvest data from 154 different apps on a user's
phone, including messaging apps like WhatsApp and Discord, travel apps like Make My Trip Indigo and
IRCTC and even FinTech apps like CRED and PTM. It even checks for Microsoft Teams
and Slack.
Do you see where I'm going with this?
There is a very real class divide.
It's very intrusive.
Like, you know, it's basically these apps
are trying to pry into like the lives of gig workers.
And we already know how a bunch of these like startup,
app-based startups are very like inconsiderate of like their gig workers.
Right.
So you can kind of like look at the, you know, software side of it,
the tech side of it as well as like the AI, you know,
real life side of it and kind of put together this picture of how these guys want to understand
gay, you know, like how these guys want to like basically exploit their workers in whatever
way they can.
Peeb also raised another pretty significant question.
How is knowing whether I have the Xbox or PlayStation app installed on my phone essential to
an app like Swiggy's core functionality?
It isn't just food delivery apps either.
Even FinTech apps are gathering as much data as they can while running in the background.
Yes, sure.
Regulated fintech apps have far more restrictions on what data they use,
but unregulated apps use data from a variety of sources
and then make their own assumptions based on them.
A former employee at a digital lending platform recalled how in the lender's earlier days,
when it mainly provided loans to college students,
it would check if they had games like Counter-Strike installed in their devices.
They would usually refuse loans to students with too many gaming apps.
Why?
Because that meant that they were
unserious.
The former employees said many unregulated loan apps
still do this.
And here's the other thing.
Most of these checks are only done on Android phones.
If you look at like the divide between
the upper middle class and like the ultra rich,
a lot of people, I mean like the divide here is that
if you're an Android user,
you're much more likely to have these like data, privacy,
violations happen to you
than if you're an iPhone
user because iPhones are simply
like you know more privacy focused
but they're also much more expensive
so if you are an iPhone user you're automatically
automatically shielded from like a lot of this
in fact like there isn't even like an iPhone
version of a lot of these gig worker apps
because they straight up don't assume that gig workers
can afford like iPhones
and yeah
if you look at app Annie statistics
if you look at data.coma statistics like
90% of the data that they have collected comes
from Android phones and only 10%
comes from Apple phones.
So, yeah, like, again, three levels of, like, privacy.
And if you are, like, rich, you can, like, avoid a lot of these by straight up, like,
you know, shielding yourself from being protected in various ways.
It's like, but if you are, like, a gig worker, you can't, like, really defend yourself
from a lot of this.
Daybreak is produced from the newsroom of the Ken, India's first subscriber-focused business news
platform.
What you're listening to is just a small sample.
of our subscriber-only offerings.
A full subscription unlocks daily long-form feature stories,
newsletters and podcast extras.
Head to the ken.com and click on the red subscribe button on the top of the website.
Today's episode was hosted by Rahil Filippos and edited by Rajiv Sien.