How to remove a malicious loan app's access from your phone
A predatory loan app's real power comes from the access it took to your contacts, photos, SMS and storage. This calm, step-by-step guide explains how to revoke those permissions on Android and iPhone, uninstall the app safely, stop ongoing data harvesting, and assert your right to deletion under the DPDP Act 2023 — without losing the evidence you may need.
If a loan app has been harassing you, its real leverage almost always comes from one thing: the access it took to your phone when you installed it. Permission to read your contacts, your photo gallery, your SMS messages and your storage is what lets an app threaten to message your family, misuse your images, or scrape your personal life for pressure. The reassuring news is that this access is something you can take back, often in just a few minutes. This guide walks you through doing exactly that — calmly and in the right order — on both Android and iPhone, while keeping the evidence you may need and asserting your data rights under the law.
First, preserve the evidence — then act
Before you change anything, spend a few minutes documenting, because once you uninstall an app some of this becomes harder to capture. You do not need to keep the app installed afterwards; you simply want a record first.
Capture the app's name and package details (on Android, this is its "App info" page), a screenshot of which permissions it currently has, any abusive or threatening messages you received, and a note of your loan account or application ID and what you borrowed and repaid. Store all of it in one safe place. loantrap.org's private locker is a free, secure space to keep these screenshots and build a dated timeline, so that if you later complain to the police, the cyber-crime portal, or the lender's grievance officer, your evidence is ready and organised. Our guide on documenting harassment so it stands up legally explains how to do this thoroughly without overwhelming yourself.
With the evidence safe, you can move to cutting off access.
Revoke permissions on Android
On Android, you can strip an app's permissions without deleting it — which is useful if you want to neutralise it while keeping it briefly for reference. The exact wording varies a little by phone brand, but the path is broadly the same.
- Open Settings, then Apps (or "Apps & notifications").
- Find and tap the loan app in the list.
- Tap Permissions. You will see what it can access — Contacts, Camera, Photos and media/Storage, SMS, Phone, Location, Microphone.
- Tap each sensitive permission and set it to Don't allow (or "Deny"). Pay special attention to Contacts, SMS, Storage/Photos and Phone, as these are the ones used to pressure borrowers.
- While you are there, check Settings > Privacy / Permission manager to confirm nothing was missed, and review any "Display over other apps" or "Accessibility" access, which some aggressive apps misuse.
Revoking permissions immediately stops the app from reading anything new from those parts of your phone. After this, you can uninstall it (covered below). On most recent Android versions you can also turn on auto-revoke permissions for unused apps, which is a good general habit.
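If someone is helping you from a computer, the same check-and-revoke steps can be done over adb, and the saved text doubles as a record of which permissions the app held. The script below is an added example, not part of the original guide. It assumes adb is installed and USB debugging is enabled on the phone; com.example.loanapp is a placeholder package name and the dumpsys output is a constructed sample.

```shell
#!/bin/sh
# Added example. Assumes adb on a computer and USB debugging enabled on the phone.
# com.example.loanapp is a placeholder package name, not a real app.

# Permission groups the guide flags first: Contacts, SMS, Storage/Photos, Phone.
PRIORITY='CONTACTS|SMS|EXTERNAL_STORAGE|READ_MEDIA|PHONE|CALL_LOG'

# stdin: text of `adb shell dumpsys package <pkg>`.
# stdout: every runtime permission currently granted, one per line.
granted_runtime() {
    awk '
        /runtime permissions:/ { in_rt = 1; next }
        in_rt && !/granted=/   { in_rt = 0 }          # section ended
        in_rt && /granted=true/ {
            sub(/^[ \t]+/, ""); sub(/:.*/, ""); print
        }' | sort -u
}

# Keep only the permissions in the priority groups above.
priority_only() { grep -E "$PRIORITY" || true; }

# stdin: permission names. stdout: the adb commands that revoke them,
# printed for review rather than executed. $1 = package name.
revoke_commands() {
    while read -r perm; do
        printf 'adb shell pm revoke %s %s\n' "$1" "$perm"
    done
}

# Constructed sample of dumpsys output, so the parser can be tried offline.
sample_dump() {
    cat <<'EOF'
  Package [com.example.loanapp] (1a2b3c4):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
        android.permission.READ_CALL_LOG: granted=false, flags=[ USER_SET ]
        android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
      enabledComponents:
EOF
}

# Live use: save the dump as evidence first, then review the commands.
#   adb shell dumpsys package com.example.loanapp > perms-before.txt
#   granted_runtime < perms-before.txt | revoke_commands com.example.loanapp
```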
Revoke permissions on iPhone
On an iPhone, app permissions are managed centrally and are straightforward to withdraw.
- Open Settings and scroll down to the loan app's name in the list of apps, then tap it to see the access it was granted; turn off Contacts, Photos, Microphone, Location and anything else it does not genuinely need.
- Alternatively, open Settings > Privacy & Security, then go into each category — Contacts, Photos, Microphone, Location Services — and switch the app off there.
- For photos specifically, you can set access to None, cutting off gallery access entirely.
iPhones generally do not give apps access to your SMS, or the kind of full contact scraping that some Android apps obtain, but it is still worth confirming that Contacts and Photos are switched off for any loan app you are concerned about.
Uninstall the app safely
Once permissions are revoked and your evidence is stored, uninstall the app. On Android, long-press the app icon and choose Uninstall, or remove it from Settings > Apps. On iPhone, long-press the icon and choose Remove App > Delete App. If the app had unusual access such as "Device admin" or "Accessibility" on Android, you may need to disable that first (under Settings > Security > Device admin apps or the Accessibility menu) before Android will let you uninstall.
It is important to be clear-eyed about what uninstalling does and does not achieve. Uninstalling stops further harvesting from your phone — that is real and worthwhile. It does not delete the data the app already collected and stored on its servers. For that, you need to assert your deletion rights, which is the next step.
Stop the data they already hold — use the DPDP Act 2023
India's Digital Personal Data Protection Act, 2023 (DPDP Act) gives you the right to ask a company to delete your personal data when it is no longer needed for the purpose it was collected for, and the right to have wrongly held data corrected or erased. A loan app that scraped your contacts and gallery had no lawful purpose for most of that data in the first place.
Use this right in writing. Send the lender or app a clear request — through the grievance contact they are required to provide — stating that you withdraw consent for the processing of your personal data, that you require them to delete the contacts, photos and other personal data they collected, and that you want written confirmation. Keep a copy of what you send and any reply. If they ignore or refuse the request without good reason, the Act provides for grievance redress and escalation. Our guide on how loan apps misuse data under the DPDP Act explains these rights and the over-collection pattern in more detail, and the help page lays out where to escalate.
A quick security clean-up afterwards
After cutting off a malicious app, a short security pass gives you peace of mind:
- Run a malware/Play Protect scan (Android: Play Store > Play Protect) to confirm nothing else was installed alongside the app.
- Review your installed apps and remove anything you do not recognise or remember installing.
- Change passwords for important accounts if the app had broad storage or accessibility access, and turn on two-factor authentication where you can.
- Check your bank and UPI for any auto-debit mandate the app may have set up, and cancel mandates you did not intend.
- Restart your phone so the changes take full effect.
None of this needs to be done in a panic. Working through it steadily, once, is enough.
If the harassment continues after you have cut off access
Sometimes the calls and messages continue even after you have revoked access and uninstalled, because the harassers are working from data they already took. That is the point at which reporting matters most. Threatening messages, contacting your family, and misuse of your images are not lawful recovery — they are offences. You can report them by calling 1930, filing on cybercrime.gov.in, and complaining to the police, and where a regulated lender sits behind the app, through the RBI grievance route. Our help page sets out these channels in order.
If you cannot afford a lawyer and the matter escalates to a notice or court process, cost should never stop you: free government legal aid is available through NALSA, your State Legal Services Authority and District Legal Services Authority. Our legal aid page explains how to reach them.
Taking back an app's access to your phone is one of the most empowering steps you can take, because it shifts control back to you. The threats lose much of their force once the app can no longer reach into your contacts and gallery, and the law stands behind your right to have what they already took deleted. Do it calmly, keep your records, and lean on the free channels built to help.
This is general information, not legal advice. For ongoing harassment or data misuse, consider the cyber-crime helpline (1930 / cybercrime.gov.in), the police, the RBI grievance route, and free legal aid (NALSA/SLSA/DLSA) or a qualified advocate.