DPDP & GDPR protect obvious data like phone numbers and bank information, but don’t stop or regulate apps from profiling users by silently querying installed apps in the background
Quick question: Assuming I'm at Zomato's checkout page where a query is sent to our phones for the presence of UPI apps. Now, when the response brings in a list of UPI apps, what is the role of the PG/PA here? Does the app list data pass through the PG or is it just a data point for Zomato?
In the context of payments, it all depends on who owns the payment experience. With Server to Server, where the backend calls the PA / PG, and the front end UI and experience are owned by the app (let's say Zomato), then Zomato is querying locally on the app; there is no PA / PG involvement until the user clicks on a specific UPI App to do the payment.
If it's something like a standard checkout, where the checkout SDK is embedded in the app, and here the frontend and backend are owned by the PA, then the app would hand over control, and the PA's checkout SDK would query (locally) on behalf of the app.
This is such a good deep-dive into the topic and covers so much more than I could in my post. And thank you for also doing the analysis of iOS apps!
Thank you for reading, and thanks for the post you wrote, on how apps know everything we're doing - it blew my mind!