👩‍🏫Intoduction

Market Analysis of Mobile Messengers, Payment and Financial Applications

Mobile applications have become an integral part of today's phones that contain multimedia features such as text/audio/video chats, group chats, message notifications, status updates, and media sharing. The average smartphone user spends 82 percent of his/her time on email communication, social interaction, and entertainment. Smartphones are an integral part of lives in the 21st century, with more than 3.5 billion mobile phone users worldwide.

Due to its characteristics, the use of mobile applications exceeds the use of social networking websites, with the most prominent applications being WhatsApp (with over a billion users), WeChat (with more than 900 million Chinese users), Facebook Messenger (over 1.3 billion users) and Viber (with 800 million registered users and 260 million active users) (Quintas de Arcanjo, 2019).

• WhatsApp > 1.0 billion

• WeChat > 0.9 billion

• Messenger > 1.3 billion

• Viber > 0.26 billion

Figure 1 - Most popular mobile instant messenger apps, based on number of active users. Source: Quintas de Arcanjo, 2019.

The development of Mobile Instant Messaging (MIM) applications addressed the problems of former generations of mobile phones, in which text and media communications were based on SMS and MMS messages, expensive and limited in size and content. These applications had similar features as those of desktop-based instant messengers, but the portability of mobiles signified a new renaissance for them – as mobiles make virtually any user of the MIMs accessible anytime and anywhere.

This path of development and innovation led to the exchange of vast amounts of textual, visual, audio and video information, as well as files, via MIMs. To illustrate the central role of MIMs and similar mobile forms of communication in our lives, research shows that the average smartphone user spends 82 percent of their time on email communication, social interaction, and entertainment (Matemba and Li, 2018).

With the technological and user-oriented progress of MIMs, new features were gradually introduced into them: users of MIMs can see if messages are received and read, different groups of users can be contacted with ease and group voice and video calls are available in addition to text messages. Therefore, it is not surprising that the use of MIMs exceeds the use of social networking websites due to their engaging characteristics, popularity, accessibility and ease of use.

Among the hundreds of different solutions available to MIM users on Android and iOS mobile phones, the most popular MIMs in the market are Facebook's WhatsApp and Facebook Messenger, Tencent's WeChat and QQ, Telegram, Snapchat and Viber (see Fig. 2 for the leading platforms).

• WhatsApp: 2,000

• Messenger: 1,300

• WeChat: 1.213

• QQ: 617

• Telegram: 500

• Snapchat: 498

Figure 2 - The number of users (in millions) of the most popular MIMs in January 2021. Source: https://www.statista.com/statistics/258749/most-popular-global-mobile-messenger-apps/

Beyond its dominance in the MIM market, WhatsApp is probably the most used application on mobiles. Over two billion people worldwide use it for free messaging, calls, and media use and the application is widely adopted in the Middle East and in South-East Asia (Rastogi and Hendler, 2017; Dev, Das, Rashidi, & Camp, 2019; Fig. 1.2). In particular, WeChat's main market consists of Chinese mobile users with substantial growth of its user base from 900 million active users in April 2017 to over 1.2 billion users in January 2021) Tsai and Men, 2018; Fig. 1.2). Applications with a smaller user base, such as Viber, are popular in particular regions. Viber is especially used by mobile users in Eastern Europe, Russia, the Middle East and in some Asian markets.

In addition to their use as communication platforms, MIMs were expanded into mobile payments and financial services (or at least examined this option). With payment services becoming more accessible to all users, as banks are willing to provide mobile solutions to their customers and to attract new and younger customers, mobile users become more comfortable using their applications for payments and money transfers. While the majority of uses are via e-banking applications, MIMs began to integrate financial services to their chat features. WeChat combined RMB transfers and payments into its ecosystem. Facebook was looking into issuing the Blockchain-based Diem (formerly Libra) token for its WhatsApp and Messenger applications (but so far has failed to do so, due to lack of support from its partners). Telegram's TON cryptocurrency token was prohibited by the U.S. Court from use on its MIM, causing the company to abandon further development of the project.

These technological advances were facilitated in part by the decline in the number of MIM downloads, due to the propensity of users to have fewer apps on their devices. Hence, incorporation of money transactions and payment systems into existing messaging apps could help users reduce the variety of applications on their mobiles, to save storage space and encourage users to keep a MIM of their choice on their devices for longer periods.

To illustrate the success of MIMs as platforms for payments and money transfers in China in addition to their online communication features, the volume of money transactions via mobile applications in 2016 exceeded 9 trillion USD in China, while in the U.S. it was only 112 billion USD Liu, 2019. The use of Chinese mobile payment systems, such as Alipay and WeChat Pay, is so widespread such that their users range from beggars to lenders and even criminals.

In many respects, MIMs are solid candidates for integration of payment and money transfer systems. The reasons for this form of integration are as follows:

1. MIMs provide multiple channels for transferring messages, files and data and payments and money transfers can accompany these existing feeds.

2. Usually, payments and money transfers are not carried out in void. Sending money from one person to another (or paying for services and goods) is accompanying by text, audio and video messages and files, such as payment requests, specifications, confirmation of payment, etc. By integrating payments or money transfers with the communications surround it, users can establish searchable references to money transfers and refer to them in future discussions.

3. In many cases, payments and money transfers are made to existing contacts (such as family, friends, contractors, employees, etc.) after discussing them the transfer. The payments and money transfers are thereby extensions of prior communication and can be completed from the same platform with ease.

4. MIMs are mature media platforms for engagement with new and existing customers, audience acquisition and partnerships for public relation purposes. Additionally, workplace MIMs (such as Slack) allow companies to get in touch with their employees anytime and anywhere. Though the use of professional MIMs within companies or corporations it is not yet fully established, employees communicate between themselves via personal MIMs, such as WhatsApp and WeChat. Although these platforms are targeted at interpersonal communications, through exchange of text, voice and multimedia messages between individuals, they do not directly involve the company or its guidelines in terms of knowledge sharing, data distribution and often cyber-security (Tsai, & Men, 2018).

In line with the development of mobile applications, MIMs represent broad ecosystem that connects users with brands, customer relationships and brand-related contents. However, MIMs lack integrated solutions for online shopping and payments to capture the complete purchase cycle from customer engagement through product/service selection, shopping cart management and, finally, paying for the selected goods. WeChat is the exception, as it provides rich multimedia capabilities, business tools for customers and businesses, payment and e-banking features, so that users can not only interact with companies but also make payments to businesses and carry out bank operations along with instant messaging. WeChat has a range of features beyond traditional text messaging: asynchronous chat, photo sharing, video sharing, synchronous voice, video chat, and location sharing. This application also allows multiple payment options, from sending money to friends to paying bills. In this respect, WeChat can be viewed as the "missing link" beween e-commerce and social media communications. Yet, its complete set of WeChat's features is available only for Chinese users (Yang, Chen and Li, 2016.

To compare, WhatsApp supports only interpersonal communications (either on a small scale or to broad groups of up to 250 users). WhatsApp provides options for person-to-person conversations, ad-hoc discussions, and larger structured groups. However, WhatsApp does not provide any payment, money transfer, online shopping or banking features. The application is very popular in several nonwestern countries, primarily Saudi Arabia and India, where it is also the dominant social networking platform, beyond being the leading MIM. Interestingly, the use of WhatsApp is so widespread and intensive in Saudi Arabia and in India that it is frequently in the topics of national debates whether the platform spreads misinformation, encourages violence or is used to coordinate organized crime activities. On the other hand, WhatsApp is broadly used in both countries in information exchanges in telemedicine and it is considered a major communication tool in supporting patient-to-doctor and doctor-to-doctor communications (Calleja-Castillo and Gonzalez-Calderon, 2018.

Figure 3 - Countries or territories with the most WhatsApp users in December 2019. Source: https://www.businessofapps.com/data/whatsapp-statistics/

WhatsApp expanded the capabilities of its messaging app to a business-oriented application called WhatsAppBusiness. This app allows companies to develop closer interaction with their customers by sending messages via a chatbot-like app. Similar features were implemented in Facebook Messenger for company-to-customer interactions. On average, over 20 billion messages are exchanged each month between customers and companies through it (Quintas de Arcanjo, 2019).

Data Privacy Concerns

Information privacy is defined as the ability to control information about oneself and determine when and for what purpose such information can be accessed by others (Jozani, Ayaburi, Ko, and Choo, 2020. However, today it seems that no communications and financial operations are private and safe anymore. Technological developments in recent years have significantly changed the concept of privacy, increased the value of collected data, intensified data collection efforts and raised burning issues regarding the role of third parties, the degree of user involvement in privacy settings and the commercialization of user data. For example, the Cambridge Analytica scandal in which Facebook users' data was utilized for political purposes demonstrates the threats of massive collection of publicly shared and private data. Given the large scale of data exchanges in communications, the contents shared on these platforms can attract a wide range of individuals, third organizations and especially government agencies. However, when deciding to disclose data or to chat online, users are often unaware of the threats and potential misuse of private data, either by online marketers or by oppressive regimes. Moreover, in the context of mobile applications, the disclosure of user data is supplemented by rich data that is generated on the device - device ID, user location and contact list and other data that constantly monitor the activities of their users. This variety of data can further affect the privacy of users (Jozani, Ayaburi, & Choo, 2020. Without being aware or allowing it, health records, social security numbers or financial data on purchases or eating habits is still exchanged and discussed by the doctors, the bankers or the restaurants that serve users via MIMs (Sheehan and Hoy, 2000; Smith et al., 2011)

Practically any mobile messaging application transfers our most private messages to the servers of the companies that operate them, where our text messages, photographs, audio and video recordings and feeds are processed, mined and analyzed by advanced algorithms that have only one aim – profiting the company at the expense of our most private moments and more generally – our lives.

Once we click the "record" or the "send" buttons, the contents are not within our control. Company employees can view and read them. AI can process them to offer us advertisements literally in every online channel, and data about us can be sold to other parties. Further, governments worldwide eavesdrop on our most private conversations as a part of the terms that allow mobile messaging companies to operate within their borders, and messaging in oppressive regimes can cost a person's freedom.

The ecosystem of mobile banking applications that currently provide the main solution for payments and money transfers is significantly different from that of MIMs, as the security of payments and transfers, as well as secure authorization to the bank account for these operations, are the major concerns of the financial institutes that offer them to customers. Yet, mobile payments, money transfers, and shopping applications are not excluded from these types of privacy violations in most countries worldwide. Financial institutes are successfully hacked and data are distributed online or sold through the Darknet. Uploading lists of credit card details and other payment methods to the Internet has become the norm. Banks are required to disclose any data on customers and transactions to/from their accounts should any government agency desire to receive them. Both banking applications and payment applications do not enable anonymous transactions (such as bank transfers or payments to product or service providers that can embarrass the users – such as doctors, psychologists, etc.). In banking applications, user data are transmitted to the bank to carry out the operations provided by the application. In mobile payment applications, it is necessary to provide communication technologies to and from the buyer's and the seller's devices and to transmit the user's data to approve the transaction. Both types of applications require a secure communication channel through which data reaches the Internet from the device or transmitted to it (i.e. a mobile signal or through a wireless connection).

Indeed, operating systems designed for smart mobile devices have introduced a number of different security measures and mechanisms to reduce the risk and to eliminate vulnerabilities and official app stores implement measures to prevent malicious applications that do not meet the required security standards to be offered to end-users. Nonetheless, data thefts, hacking into mobiles and personal photo thefts take place on a large and growing scale. Additionally, some of the currently most popular applications, including social networks, use a range of sensitive data collection tools and methods, such as identity profiling and location collection and analysis, as part of their strategies and business models. Therefore, it is important that applications take all measures to protect data privacy of users that entrust their personal details and broad aspects of their lives to them.

In addition to the vulnerabilities of personal data in mobile phone communications, corporate and business data and communications are vulnerable as well. Devices issued by companies or private devices used for business purposes may serve as targets for industrial espionage, eavesdropping and unauthorized data retrieval for profit. End-to-end encryption (E2EE) that converts the original message into encrypted formats that can only be decrypted via private keys on the phones of recipients (so data cannot be retrieved from proxy servers) was introduced as a solution to this problem, but was implemented only by a fraction of the MIMs (Calleja-Castillo and GonzalezCalderon, 2018)

Data misuse is of particular concern when it comes to applications used for payments. For example, Venmo is a social payment app where a P2P payment feature allows mobile phone users to easily share accounts and transfer money to friends and to vendors. Its social features allow users to share notes, emojis, comments, likes and reactions to other transactions on the platform, encouraging social engagement. However, all transactions are public by default, unless users intentionally change their settings to private or accessible only to friends. To use the app, users must grant Venmo access to their contact list, media files, camera and device ID and must provide a valid phone number, complete personal information (e.g., Social Security number, date of birth and driver license) and their credit or debit card information. The application stores data on user transactions and their social activities with time-marked geolocation data. Personal and financial data collected by Venmo and social feed applications can therefore reveal the lifestyle and habits of their users either to Venmo itself, to third parties or to the government (Zhang et al., 2017).

Global use = Global concerns

Much research and the discussion on data privacy and the use of MIMs have focused on "WEIRD" Western, Educated, Industrialized, Rich and Democratic populations. However, similar concerns were found in different parts of the world, including Middle Eastern and developing economies (Dev, Moriano and Camp, 2020. For example, studies conducted in Saudi Arabia and in India found that both Saudis and Indians were concerned about adding them to WhatsApp groups without their consent, with Saudis mostly being more concerned about the private life aspects of it and Indians concerned over work related aspects. Gender has proven to be a significant variable in the perception of privacy risks and concerns. Although both sexes are equally prone to invasion of privacy, women tend to have greater privacy concerns and enforced privacy-preserving behavior, mostly in patriarchal societies (Dev, Moriano and Camp, 2020).

The growth in the use of MIMs, payment, money transfer and banking applications has caught the attention of attackers, who take advantage of online store flaws for apps, uploading malicious program codes or their own app clones that endangered the privacy and security of users and their financial assets.

Some of the reasons why the volume of attacks on mobile devices increases are the relative ease of obtaining personal and use data from the device and the exponential growth in carrying out banking transactions, payments and money transfers via apps. The aim of the attacks is to gather access data and to gain control over these applications to steal funds from their users.

Nowadays, payment services are more accessible to all users. Banks to offer mobile payment, money transfer and banking solutions and attract new and younger customers while maintaining the existing ones. However, some of the cybersecurity risks emerge from lack of adequate integration of traditional banking systems and less secure and reliable third-party mobile solutions.

Payment exchange services are relatively slow, as information about the outcome of the transaction is sent and approved by both the sender and the recipient, due to the need for verification of transactions by a centralized body – the bank - which is primarily responsible for validating the incoming transactions. This delay in processing the transactions may cause ambiguity and mistrust whether the sender has not executed the transaction as promised, whether the transaction has successfully been completed or has failed, which harm the experience of users and may financially harm companies that depend on incoming money to start processing purchased services and goods in exchange.

To overcome this problem, the Chinese messaging app WeChat has developed a feature that allows users to add their credit card information to their account and make a payment via a QR code to transfer money from the app. However, there were certain restrictions in applying this service - until 2018 WeChat users could associate only credit and debit cards from Chinese banks. Currently, the use of foreign bank cards is allowed only if the application is downloaded within the borders of Mainland China, probably for security reasons.

The use of Big Data technologies in China allows collection of detailed personal data without informing users and collected data can be used for security or for political purposes. The research work of journalists revealed that in China the private and personal data can be obtained without restrictions.

The data collected in China via the use of applications (including MIMs and payment and banking apps) serve a social credit system that monitors and indicates which individuals violate social norms or rules. The government can blacklist them and put restrictions on their daily activities and freedom. If users have good social credit records, they show no opposition to rules and political goals and parties and if they have good social responsibility measures, they receive rewards and incentives from the government (Liang, Das, Kostyuk and Hussain, 2018).

The government has access to billions of user and communication data records collected through mobile apps, giving it insights into the behaviour of individual Chinese citizens, as well as trends in different groups of the population, at any time. The government uses it for various purposes: First, sensitive and compromising data of political opponents is accessible via MIMs and payment applications. Second, the monitoring system that continuously collects and analyses data dictates the distribution of social loans and benefits to citizens that are loyal to the government. Third, the analysis of data leads the government to identifying criminal and corruption acts, such as bribes and violations of various laws. Overall, this ownership of data by the government allows it to capture and to retain additional political, economic and social power.

This reward and punishment strategy also allows the government to decide who can be employed in the public sector and even who can get access to public services or be prevented from receiving them. In this way, the government builds channels for confidential users to access public services, optimizing administrative services and reducing transaction costs. In contrast, citizens on the blacklist receive penalties and restrictions that affect their social, political and economic activities, as well as their well-being. The Chinese government presents its social credit policy as beneficial to citizens. Clearly, by monitoring the activities of users in MIMs, payment and banking apps, the government can enforce its intentions and eliminate potential opposition at the cost of privacy and civil right violations.

To exemplify, the WeChat application monopolizes online communications and payment in China and it operation is necessary for day-to-day life in the country, to the extent that deleting this application essentially means deleting life in China (Chen, Mao, & Qiu, 2018). However, beyond its lightness, accessibility and ease of use lies a darker side – the application, its use and the data are strictly controlled and regulated by the Chinese Communist Party, including monitoring and censoring contents. WeChat defines its role as an effort to improve life in China, but in reality the role of the application maintains the will and power of the ruling party and its privacy policy does not offer protection from government oversight. In protests that took place in Hong Kong against a law passed by the government, WeChat played a key role in blocking news and images of the protests from being distributed to other users (Kharpal, 2019). Additionally, when securing user data and their privacy was evaluated, WeChat received 0 points out of 100 Grigg, 2018).

REFERENCES

Calleja-Castillo, J. M., & Gonzalez-Calderon, G. 2018. WhatsApp in stroke systems: current use and regulatory concerns. Frontiers in neurology, 9, 388.

Chen, Y., Mao, Z., & Qiu, J. L. 2018. Super-sticky WeChat and Chinese society. Emerald Group Publishing.

Dev, J., Das, S., Rashidi, Y., & Camp, L. J. 2019. Personalized WhatsApp privacy: demographic and cultural influences on Indian and Saudi users. Available at SSRN 3391021.

Dev, J., Moriano, P., & Camp, L. J. 2020. Lessons Learnt from Comparing WhatsApp Privacy Concerns Across Saudi and Indian Populations. In Sixteenth Symposium on Usable Privacy and Security ({SOUPS} 2020) (pp. 81-97).

Grigg, A. 2018, February 21. WeChat's privacy issues mean you should delete China's No. 1 messaging app. Australian Financial Review. https://www.afr.com/world/asia/wechats-privacy-issues-mean-you-should-delete-chinas-no1-messagingapp-20180221-h0wgct.

Jozani, M., Ayaburi, E., Ko, M., & Choo, K. K. R. 2020. Privacy concerns and benefits of engagement with social mediaenabled apps: A privacy calculus perspective. Computers in Human Behavior, 107, 106260.

Kharpal, A. 2019, June 13. How social media is shaping what people know - and don't know - about the Hong Kong protests. CNBC. https://www.cnbc.com/2019/06/13/hong-kong-protests-role-of-technology-and-china-censorship.html.

Liang, F., Das, V., Kostyuk, N., & Hussain, M. M. 2018. Constructing a data‐driven society: China's social credit system as a state surveillance infrastructure. Policy & Internet, 10-4, 415-453

Liu, A. 2019. An Analysis of the PBOC's New Mobile Payment Regulation. Cato J., 39, 87.

Matemba, E. D., & Li, G. 2018. Consumers' willingness to adopt and use WeChat wallet: An empirical study in South Africa. Technology in Society, 53, 55-68.

Quintas de Arcanjo, T. 2019. Sending cryptocurrency over mobile applications (Doctoral dissertation, Dublin City University).

Rastogi, N., & Hendler, J. 2017. WhatsApp security and role of metadata in preserving privacy. arXiv Prepr. arXiv1701, 6817, 269-275.

Tsai, W. H. S., & Men, R. L. 2018. Social messengers as the new frontier of organization-public engagement: A WeChat study. Public relations review, 44-3, 419-429.

Zhang, X., Tang, S., Zhao, Y., Wang, G., Zheng, H., & Zhao, B. 2017, May). Cold hard E-cash: Friends and vendors in the Venmo digital payments system. In Proceedings of the International AAAI Conference on Web and Social Media (Vol. 11, No. 1)