- Nithin Kamath criticized net banking apps for intrusive permissions on smartphones
- Kamath highlighted that Zerodha's Kite app requires zero mobile permissions to use
- He referenced the Principle of Least Privilege as a global cybersecurity standard
Zerodha co-founder Nithin Kamath has called out net banking apps for being intrusive, primarily due to the host of permissions they require to operate on a user's smartphone. In a social media post, Kamath said he did not use any online banking tools and questioned why these apps needed access to a user's SMS and contacts, among other 'invasive' device permissions.
"I don't use net banking apps on my phone because the mandatory permissions they ask for make no sense," wrote Kamath in an X (formerly Twitter) post, adding: "Why does a banking app need access to my SMS, phone, contacts, etc., in the name of security, when not seeking invasive device permissions is, in fact, the global benchmark for cybersecurity. This is called the Principle of Least Privilege (PoLP)."
Kamath contrasted these practices with Zerodha's Kite app, which he stated requires zero mobile permissions to operate, aiming to set a new standard for user privacy in financial services.
"This is exactly why we've built Zerodha the way we have. Kite asks for ZERO permissions on mobile, for instance, and this is one of the big reasons why millions of people trust us," said Kamath.
"What has enabled us is SEBI's mandatory strong two-factor authentication framework strike the right balance between security and privacy."
Social Media Reactions
As Kamath's post went viral, a section of users agreed with his assessment, while others pointed out that the permissions were designed with security and vulnerability risks in mind.
"As an iOS developer with 8 years in fintech, this hits hard. Banking apps asking for SMS, contacts and call logs isn't “security”, it is data harvesting dressed in a suit," said one user while another added: "A lot of people ignore this until something goes wrong. Most users focus on convenience and miss how much access these apps quietly ask for. That is where privacy risk starts."
A third commented: "Fair point, but it's not always that simple. Banking apps ask for certain permissions because they rely on SMS-based OTPs, device binding, and fraud detection systems that need limited access to phone data."
A fourth said: "PoLP is ideal, but not every permission is pointless. Some (like SMS) are used for OTP autofill and fraud checks in India."














