As mobile credit grows across emerging markets, one question stands out: how can repayment enforcement coexist with user privacy? To explore this, we sat down with Victor Kirnarskiy, CEO of GetMobi, whose company has helped design and scale smartphone financing programs across LATAM, Asia, and Africa.
In this unedited interview, Victor shares candid insights into the evolution of device locking, regulatory challenges, and the role of privacy in building trust. This transcript is part of our ongoing series on Device Lock & Privacy.
For a structured analysis with frameworks and case studies, read our main article: Device Lock & Privacy: Enforcing Repayment Without Losing Trust
Q: From your international experience, how has device locking technology evolved over the past five years? And what role has privacy played in shaping that evolution?
Victor Kirnarskiy: Device locking is a phenomenon and privacy exists together in very close relations. The technology itself was created specifically for consumer financing—for smartphone financing. And one of the key things in the relationship between the lender, the bank, or telecom company, and the user is trust, combined with respect for privacy.
Lenders inevitably work with some kind of personal data—names, phone numbers, everything involved in KYC. Since they process this data, device locking must be built on a high level of respect for privacy. Systems must process data according to local laws and international practice. Device locking must not handle personal data outside what the law allows.
So, once we get control of a device, the locking software carefully avoids personal data—it never processes it beyond what’s required. Privacy is actually one of the foundations of device locking. The software never transfers personal data, and it’s technically impossible to extract any. Device locking exists alongside personal data, but never mixes with it.
Q: Could you tell the key difference you have observed between developed and emerging markets in how device locking is applied?
Victor Kirnarskiy: The key difference is privacy. Implementing device locking in developed markets is harder, because privacy policies and legislation are mature. Every project involves extensive legal reviews, as government bodies and legal departments scrutinize compliance. This slows down implementation.
In emerging markets—Africa, parts of Asia, Latin America—where privacy laws may be less strict, implementation can be easier. Still, some lenders overdo their legal preparations, even when not strictly required, because they anticipate that privacy laws like GDPR may arrive in the future.
Another difference is affordability. In developed markets, many consumers can buy smartphones outright. Device locking was designed for emerging markets, where affordability is a challenge. That’s why most of GetMobi’s projects are in Latin America (Mexico, Argentina, Colombia), Southeast Asia (Indonesia, Malaysia), and Central Asia (Uzbekistan, Kazakhstan).
Q: How do you face situations when privacy policies change in emerging markets?
Victor Kirnarskiy: Privacy laws don’t change often, but many countries are moving toward data localization—requiring that personal data be stored inside the country. This creates challenges, since device locking often operates via cloud servers, which inevitably process some data.
Usually this data is limited to device identifiers like IMEI numbers, not personal information. Still, customers often hesitate until they are reassured that data is depersonalized and not transferred abroad. It can take months of clarification before they feel ready to scale.
Q: What are the most critical privacy risks when implementing device locking financing programs?
Victor Kirnarskiy: There are two categories.
Storage of data. Integrating device locking requires careful handling of data transfers, processing, storage, and protection. If done poorly, third parties could gain access. In 99% of cases, partners manage this well. We haven’t seen major breaches, but it’s always the customer’s responsibility to secure their systems.
Cybersecurity. The human factor is the biggest risk. If access to systems isn’t protected, insiders or outsiders could gain control—and even lock devices unfairly. This is dangerous. It’s more of a reputational and security issue, but it affects privacy too. Companies must structure access roles and permissions carefully.
Q: What common mistakes do fintechs and telecoms make when balancing repayment enforcement with user privacy?
Victor Kirnarskiy: There’s one very scary case from Southeast Asia. Some companies misused device locking systems to install spyware on user smartphones. It wasn’t the locking software itself, but they used the system to inject malware that extracted contacts, messages, and photos—then exposed them publicly.
That’s not a mistake—it’s a crime. But even knowing such cases exist erodes user trust everywhere. Fintechs should never use device locking for anything beyond loan-related communication—payment schedules, overdue reminders, etc.
In rare cases (less than 5%), potential customers have asked us about misusing the technology this way. We refuse such clients. Device locking must remain a clean, compliant instrument. If companies follow laws and basic rules, mistakes are unlikely. Problems only occur when they deliberately compromise privacy.
Q: Can you share a case where responsible device lock design increased user trust and improved repayment performance?
Victor Kirnarskiy: Yes. In Southeast Asia, a microfinance company created a clear FAQ on their website. Customers knew exactly what device locking was, and why notifications appeared.
Their onboarding was excellent: merchants received videos to show customers before signing contracts. These two-minute videos explained restrictions and repayment processes clearly. As a result, customers had zero confusion and repayment performance improved.
Problems only happen when companies complicate or disguise device locking. Transparency eliminates friction.
Q: How do you envision the relationship between device locking and privacy evolving over the next three to five years?
Victor Kirnarskiy: I don’t see radical change, but the ties will strengthen. Device financing will grow, and device locking will grow with it. People will learn that it exists to make smartphones affordable—not to control users.
In time, device locking will be associated with privacy, not surveillance. It can even serve as an alternative to formal credit history for borrowers without banking transactions. This strengthens inclusion.
Q: What role could emerging technologies like AI or blockchain play in making device lock more secure and privacy-friendly?
Victor Kirnarskiy: AI can reduce human error by predicting borrower behavior and nudging users to stay on track with payments—potentially avoiding locks altogether. It can act like a “friendly watchdog” helping with budgeting and discipline.
Blockchain could tokenize smartphones as assets, enabling new forms of financing. For example, investors could fund devices for workers in Africa or Asia, knowing the asset is protected by device locking. This could expand global credit access securely.
Q: If you had to create a basic checklist, what principles should any fintech follow to implement device lock responsibly?
Victor Kirnarskiy: Three things:
Be explicit and vivid. Tell customers from day one that the phone includes device lock, and explain clearly how it works.
Be honest internally. Teams across legal, product, and engineering must agree that device locking is only for repayment discipline—not for data extraction or control.
Invest in cybersecurity. Even startups must assign someone responsible for security and close backdoors. Device locking is powerful; mishandling it creates big risks.
Q: Any final advice for fintechs or telcos considering device locking?
Victor Kirnarskiy: Privacy is a tricky, speculative topic—often used politically or in media. The best advice is radical transparency. Show your “ingredients” like on a food label: explain openly what device locking does, what data is collected, and why. If you play fair, you stay safe.
This conversation makes one point clear: device locking cannot succeed without trust. Lenders and telecoms that treat privacy as a core design principle—through clear communication, strong cybersecurity, and transparent practices—are not just protecting themselves from regulatory risk, they are building long-term credibility with their customers.