News / Public Evidence Report

India Found the Taxpayer, Lost the Citizen: DISHA 6.6 Exposes Money Misuse and Adtech Surveillance

DISHA 6.6 links the Empty Vault money trail with Follow the Data's adtech, SDK, NBFC/KYC and loan-app network evidence.

By Published: Updated: Kharar, Punjab, India Publisher: THENITISHKR INDIA | RESEARCH - EVIDENCE - INTELLIGENCE
DISHA 6.6 news image showing taxpayer-money misuse and citizen-data surveillance through adtech SDKs, NBFC/KYC layers and loan-app networks.
DISHA 6.6 is presented as an evidence-first record linking public-money accountability with citizen-data surveillance questions.
AEO answer

DISHA 6.6 says India's twin crisis is taxpayer-money misuse and citizen-data surveillance, linking The Empty Vault money trail with Follow the Data's adtech, SDK, NBFC/KYC and Chinese loan-app network evidence.

Legal boundary

This page is a public-interest research record. It compiles allegations, source references and analysis for scrutiny, and does not state a final judicial finding against any person, company or institution.

India knows how to find a citizen when tax is due. It finds the citizen for Aadhaar, PAN, KYC, SIM verification, GST, bank linking, subsidy checks, loan recovery and compliance. But when taxpayer money is allegedly misused, or when citizen data is pushed into adtech SDKs, NBFC/KYC systems, Chinese loan-app networks and foreign-server trails, the same citizen can disappear inside files.

That is the latest DISHA 6.6 finding.

DISHA 6.6 has placed two national trails into one evidence record. The first is The Empty Vault, which says nearly 80% of taxpayer-linked public money in the last 12 years was misused, diverted, unverified or left without citizen-level remedy. The second is Follow the Data, which says India followed the money in digital fraud but did not publicly answer the deeper citizen-data trail involving adtech surveillance, SDK tracking, NBFC loan layers, Chinese loan-app networks, foreign servers and data exfiltration.

The finding is stark: the State can locate the citizen for collection, control and compliance, but not for remedy after harm.

What DISHA 6.6 Says

DISHA 6.6 is an evidence-first public intelligence architecture that turns signal into evidence, evidence into memory, memory into intelligence, and intelligence into accountability. Its public record says DISHA asks where a claim came from, what source supports it, whether the source is official or partial, and what remains unresolved.

This article is a public evidence report. It does not present DISHA's assessment as a court finding, government certification or official ministry conclusion. It records the author's DISHA 6.6 analysis and links readers to the case files where the claims can be checked.

Case File 1: The Empty Vault

The first case, The Empty Vault, is DISHA 6.6's public-money file. The case record describes an NDMA disaster-fund accountability matter examining pleaded fund trails, utilisation certificates, statutory duties, disaster chronology and reliefs in W.P.(Crl.) No. 394/2025. The public case page records Rs 77,000+ crore as alleged unutilised or diverted disaster funds, 50,000+ pending utilisation certificates, a 2005-2025 pattern period, and 12 state/event evidence cards.

But DISHA's larger finding goes beyond the exact crore figure. It says the real scandal is not only that money moved. The real scandal is that the citizen-level outcome is missing. If funds were released, where is the verified ground remedy? If utilisation certificates were filed, what did they actually prove? If floods, bridge failures, drainage failures, relief delays and preventable disaster losses continued, which authority carried the duty and which citizen received protection?

That is why DISHA calls it The Empty Vault. The vault is not empty because India had no money. The vault is empty because taxpayer money can pass through sanctions, departments, certificates, audit replies and portals while the citizen remains missing on the ground.

Case File 2: Follow the Data

The second case, Follow the Data, is DISHA 6.6's digital-governance file. The case record describes W.P.(Crl.) No. 163/2026, disposed on 19 May 2026, with MeitY directed to examine the matter. The page states that the record establishes personal data on foreign servers, a MeitY compliance question and a Supreme Court procedural direction.

It frames the issue as whether the State followed the money while leaving the data architecture, identity exposure, surveillance layer and extradition bridge insufficiently tested.

A frozen bank account is not recovered identity. A banned app is not deleted Aadhaar, PAN, contacts, call logs, face data, location trails or behavioural profiles. A payment-gateway investigation is not the same as a data-recovery order. A loan-app arrest is not the same as exposing the architecture that made the citizen vulnerable.

The Three Data Layers

DISHA 6.6 says the digital-fraud story has three layers. The first is Android permission exploitation, where loan apps allegedly demanded contacts, precise location, call logs, accounts and device access unrelated to lending. The second is the NBFC/KYC layer, where formal finance surfaces allegedly collected Aadhaar, PAN, bank, face, address and phone records under the appearance of compliance. The third is the adtech SDK surveillance layer, which DISHA identifies as the layer needing fuller public examination.

This is why the names SilverPush and InMobi matter in the record. SilverPush represents the SDK question. InMobi represents the location-surveillance question. DISHA 6.6 asks a narrow public question: if foreign regulators had already put SDK surveillance, audio-beacon tracking and location-tracking concerns on public record, why did India not publicly show a full domestic inquiry into how such adtech behaviour may have affected Indian citizens?

The app layer is not limited to loan apps. DISHA 6.6 treats utility apps, caller-ID systems, retail apps, wallpaper and launcher tools, KYC forms, SDKs and adtech trackers as possible data doors into the citizen when the record supports that question.

NBFC/KYC and Loan-App Networks

The NBFC loan layer is central. Public enforcement reporting in the Chinese loan-app case named fintech firms Mad Elephant Network Technology Private Limited, Baryonyx Technology Private Limited and Cloud Atlas Future Technology Private Limited, described in the supplied DISHA record as controlled by Chinese nationals, along with RBI-registered NBFCs X10 Financial Services Private Limited, Track Fin-ed Private Limited and Jamnadas Morarjee Finance Private Limited.

DISHA 6.6 asks whether NBFCs were examined only as a money route, or also as a data route. If KYC was collected under a lending relationship, where did that KYC go? Who retained it? Who copied it? Who could access it? Was citizen data treated as evidence, as proceeds of crime, as compromised identity, or merely as background material in a financial case?

Chinese Loan-App Names in the DISHA Record

The Chinese names in the DISHA 6.6 record are direct, but they remain allegation and investigation-record names unless a court has finally adjudicated the specific role. The MeitY digital-governance case lists Zhu Wei / Jeffrey Zhu as alleged apex financial controller, data-pipeline architect and master-database custodian; Liu Yang / Michael Yang as alleged beneficial owner and operator of app networks; Zhuang Wei / David Zhuang as alleged fund-routing controller through India, UAE, China and USDT channels; Wang Xin / Sunny Wang as alleged second-tier app cluster operator; Chen Wei / James Chen as alleged IT infrastructure and command-backend manager; and Wang Fang as alleged call-centre setup and coordination figure.

The same DISHA source matrix also records names appearing in public digital-loan-app investigation reporting, including Zhu Wei / Lambo, Yi Bai / Dennis, Liang Tiantian, Shen Zhenhua / Tony, Quan Hongwei / Paul, Yang Haiying / Doris, Liu Yi and He Jian.

DISHA's question is not whether every named person or company has the same legal status. Its question is whether India built a complete accountability bridge across Chinese controllers, NBFC loan layers, payment gateways, adtech SDKs, APUS-type utility and wallpaper apps, Truecaller-type phone-number intelligence, retail-app data surfaces, foreign servers, data exfiltration, victim notification, data recovery, data destruction and extradition status.

Money Trail and Data Trail

This is where The Empty Vault and Follow the Data become one national story.

In Case File 1, the citizen paid tax, public money moved, but citizen-level remedy was not found. In Case File 2, the citizen's data moved through apps, SDKs, KYC layers and loan networks, but citizen-level recovery was not found.

One case asks: where did the money go? The other asks: where did the data go?

Together, DISHA 6.6 says India's greatest governance failure is not lack of records. It is lack of memory for the citizen after the record is created.

Evidence Status

The THENITISHKR archive says it is built from public records, Supreme Court petitions, RTI trails, correspondence, source files and research analysis. It records 6,000+ evidence items and says 97% of assessed case-file claims in the reviewed set matched identified official documentary records, while separating official records from DISHA's accountability analysis.

Those percentages are archive-assessment claims, not government or court certification. They should be read with the source register, case pages and correction process.

Why the File Is Not Closed

The government can celebrate development. The opposition can criticise failure. But DISHA 6.6 asks a sharper question than both: after twelve years of digital governance, biometric identity, public finance systems, disaster authorities, enforcement agencies, cybercrime portals and dashboards, can the State still find the citizen after harm has occurred?

The taxpayer was found for collection. The borrower was found for KYC. The citizen was found for data harvesting. But when public money was allegedly misused and citizen data was weaponised, the citizen was not found.

That is the DISHA 6.6 finding. And that is why the file is not closed.

Read the Evidence Trail

Direct Answers for Readers

What is alleged?

The report alleges a combined public-money and citizen-data risk pattern across disaster-fund misuse, adtech SDKs, app-based surveillance, loan-app networks and KYC-linked financial systems.

What is proven?

The page preserves the article record, linked archive pages and named source trails available for independent verification.

What remains unresolved?

The legal liability, institutional responsibility and full technical chain of custody require formal investigation, public audit and judicial or regulatory determination.

Publisher transparency

Publisher: THENITISHKR INDIA | RESEARCH - EVIDENCE - INTELLIGENCE

Author: Nitish Kumar

Location: India

Contact: Contact page

Editorial Policy: Editorial Policy

Corrections Policy: Corrections Policy

Ownership and Funding: Ownership and Funding

Editorial note: This article is a public evidence report based on DISHA 6.6 analysis and linked archive records. It does not claim government adoption, court endorsement, official ministry approval, adjudication of allegations, or operational deployment unless separately sourced.