Data privacy in danger: Should the world be wary of superapps?

As apps expand their services — from ride-hailing to personal finance — the consequences of data breaches become more and more significant.

Data privacy in danger: Should the world be wary of superapps?

At first glance, a one-stop shop for everything under the sun — from food delivery to personal finance — seems like an ideal service, removing the need to clutter your phone with dozens of apps.

One account could be the key to all your day-to-day needs, and you wouldn’t need to safe keep a bunch of different passwords. 

Superapps are working to make this a reality. They provide users access with an ecosystem of services, all grouped together on one platform. Asia has been quick to embrace the concept – a trend led by companies such as Grab and Alipay. 

After starting out as a ride-hailing app, Grab has since extended its offerings to food and parcel delivery, financial services including insurance and investment plans, as well as online health screenings. Alipay has gone down a similar route after starting off as a payments app. 

apple card savingsApple Card’s savings account was launched this April, offering a 4.15% APY / Image Credits: Apple

Beyond Asia, global tech giants are broadening their horizons as well. Apple introduced its own high-yield savings account earlier this year, while Microsoft has been looking at integrating a crypto wallet into its Edge web browser.

Most recently, Elon Musk announced his vision to turn Twitter – now rebranded to X – into a superapp with fintech services.

Superapps and cybersecurity

The superapp trend stands to make life more convenient, but not without its own set of tradeoffs. One of the primary concerns around such apps is that of data privacy. 

facebook data securityImage Credit: CPO Magazine

Data breaches have become more common ever since the internet rose to prominence. In recent years, platforms including Facebook, LinkedIn, and Yahoo have all suffered from cyber attacks leading to user data – including names, addresses, passwords, and phone numbers – being leaked.

With superapps, the consequences of such breaches would become more severe. “For every additional function we use an app, the ramifications of a breach become larger,” explains Tony Jarvis, Director of Enterprise Security (Asia-Pacific & Japan) for cybersecurity company Darktrace. 

“Other parts of our lives become for grabs for threat actors. By having access to [information such as] our finances, food delivery history and social media profiles, they could build a profile of a victim [which can be used to commit] identity theft.” Attackers may also choose to sell this data to others or use it to commit fraud.

As companies start to learn more about their users, they must assume a greater responsibility to keep data safe. As a result, the growth of data collection has been accompanied by a rising demand for cybersecurity in recent years.

Keeping data safe

The International Data Corporations (IDC) forecasts that cybersecurity spending will increase by over 12 per cent this year alone, reaching US$219 billion. This trend is expected to continue through till 2026 when spending is expected to reach US$300 billion. 

Cybersecurity has been propelled by the growing availability of high-value data which can be targeted. Jarvis states that cybercrime has become a multi-billion dollar industry in itself, led by highly professional actors.

If superapps aren’t well-guarded, cybercrimes would only become more profitable and appealing in coming years. 

facebook metaIn 2019, a data breach exposed the personal information of over 500 million Facebook users / Image Credits: Engadget

“Repeated reports of large-scale breaches – with immense reputational, operational and financial damage – have also brought cybersecurity to the top of the agenda,” Jarvis adds. “Boards of companies are understanding that cybersecurity is a vital part of safeguarding a company’s operations and ability to deliver services to customers.” 

Cybersecurity is now essential, not as a one-time cost but an ongoing investment for companies. With recent development in AI technology, this has only become more evident. 

Today, AI has made it easier to extract value from data. Analytics tools can provide insights to businesses about driving revenue growth and optimising user experience. This inherently makes data more valuable, and for those who partake in stealing and selling data, it means bigger paydays. 

Along with this, AI has also enabled cybercriminals to launch more sophisticated and novel attacks altogether. “In January and February this year, we observed a 135 per cent increase in novel social engineering attacks corresponding with the widespread adoption of ChatGPT,” says Jarvis. 

The need for regulation

Even with cybersecurity spending trending upwards, it stands to reason that policymakers should step in. With data breaches becoming costlier by the day, companies should be held to a higher standard when it comes to protecting data. 

chatgpt scamChatGPT is being used by scammers to write convincing phishing emails / Image Credits: CBC.ca

Jarvis agrees that regulations – surrounding the best practices for storing and using consumer data – will always be crucial, however, that might not be enough.

“The cybercrime world moves faster than legislation,” he says. For companies to truly stay protected, there will be a need to go above and beyond basic standards. 

With this in mind, consumers would benefit from staying informed and paying closer attention to a platform’s data policies before signing up.

Skimming through Terms & Conditions has long been a norm, but given the changing landscape – where a single platform might soon know everything about you, from credit card details to travel habits – users would be well-advised to think carefully about whom they trust. 

Featured Image Credit: Grab / AirAsia / Alipay

Also Read: E-commerce meets crypto: GM.co founder speaks about the demand for crypto payments