Permissions and Pitfalls: How Innocent Apps Can Drain Your Wallet
Anwar, a man in his seventies, struggles to read even the text on his mobile screen without glasses. One night around 3 a.m., he received a text message—appearing to be from a bank. Too hesitant to disturb his sleeping son, he simply dimmed his phone’s brightness and left it until morning.
By daybreak, all his mobile money accounts—Nagad, bKash—had been emptied.
He hadn’t shared any code. He hadn’t spoken to anyone. Still, the money was gone.
The Investigation
He filed a General Diary (GD) with the local police. The investigating officer began by examining Anwar’s phone through digital forensics.
They discovered two suspicious apps: “Smart Cleaner”, which claimed to optimize the phone, and “Fast Video Downloader”, intended for saving YouTube videos. Both apps had received Accessibility Permissions—which allowed them to read the screen, type on behalf of the user, and even access OTPs (one-time passwords).
Nagad and bKash confirmed that login requests had come from a different device using OTPs sent to Anwar’s number. The funds were withdrawn via a local mobile money agent.
In essence, “You may own the screen, but the screen no longer belongs to you.”
A Widespread Issue
This wasn’t an isolated case. Salma, another victim, had clicked on an ad offering to “change colors using your photo.” An app was downloaded, permissions were granted—and soon after, her WhatsApp was flooded with login alerts and suspicious activity.
A young man named Hasan tried to edit his girlfriend’s photo using a “Mirror App.” That download didn’t just reflect their love—it mirrored his digital identity too.
The Takeaway
Don’t click on unknown apps. Pay attention to what permissions an app is asking for. Receiving a code or OTP is not inherently dangerous—unless someone or something can read it for you.
Every phone is like a door. You may keep the door locked, but if someone opens the window from behind, a robbery is inevitable.
To protect your digital future, learn how technology works—or technology will learn you.
Writer: Tanvir Hasan Zoha, A cybersecurity specialist and Assistant Attorney General, International Crimes Tribunal
Disclaimer: The views expressed in this op-ed are solely those of the author. Digital Bangla Media does not endorse any part of this opinion. It has been published without editorial intervention as part of the platform’s commitment to diverse perspectives. Any dissatisfaction with the content is a matter of personal concern.
