Why You Can Trust CNET Keep Your Phone Safe by Avoiding These 5 Red Flags When Downloading Apps
From privacy policies to permissions and reviews, here's what to watch for when downloading apps.
- She received the Renau Writing Scholarship in 2016 from the University of Louisville's communication department.
Don't download new apps without checking for these warning signs.
From checking your email and streaming music or movies to securely logging into your work laptop, there’s a mobile app for virtually everything. Despite that convenience, staying safe when downloading apps is increasingly difficult because you’re constantly installing or updating software. According to a study by researchers at York University in Toronto and the University of Connecticut, participants unknowingly agreed to give a fictional company -- NameDrop -- their future firstborn children. This highlights the notion that -- whether it’s not reading the terms of service (ToS) and privacy policy or failing to check what permissions an app requires -- most of us aren’t performing our due diligence.
Even as companies like Apple and Google add new ways to stop apps from tracking you across iOS and Android, it's still important to pay attention whenever you install an app. Here are a few red flags to watch for before downloading apps.
1. Are you using a third-party app store or sideloading apps from a shady website?
One of the easiest ways to remain safe when downloading mobile apps is by sticking to the official app stores: Google Play for Android and Apple’s App Store. Google and Apple vet apps before allowing listings. While malicious or unsafe applications occasionally slip through the cracks, Apple and Google remove them swiftly. Additionally, first-party app stores further bolster your safety. Google Play Protect scans devices and apps for detrimental activity. The Google Play Store even hides apps that haven’t been updated for years and therefore might suffer from security vulnerabilities.
Because the official Apple and Google Play app stores offer properly scrutinized, updated versions of applications, we suggest downloading from those sources directly rather than alternatives like APKPure or Aptoide. If you do use third-party app marketplaces, stay with reputable sites like the Amazon App Store or Samsung Galaxy Store. Under rare circumstances when you’ve got no choice other than sideloading, download apps directly from the official website for that software.
2. How complex is the app's privacy policy or terms of service?
If you’re not poring over each app’s terms of service (ToS) agreement or privacy policy before tapping “accept,” you're not alone. An automatic warning sign is when an app’s terms of service or privacy policy is so obtuse that it’s indecipherable. Although complicated language could be innocuous -- like poor writing -- apps with ToS or privacy policies hiding what you’re actually agreeing to are deceitful and should be avoided. A good general rule of thumb is not to sign anything when you don’t understand what you’re consenting to. Look for information on what data is collected and how that’s being used.
Policies that want an implicit agreement or implicit consent should raise a red flag. Nader Henein, a senior research director and fellow of information privacy at Gartner, warns that privacy policies with implicit agreements should raise your eyebrows. Rather than opting in, a terms of service agreement might state something like "by using this app, you agree to A, B and C." With implicit agreements, you’re not giving your consent, but rather a general disclaimer opts you in. Instead, privacy policies and terms of service should provide explicit consent, where you have to accept before using an app. But make sure you actually read the agreements.
Are you strapped for time? Try the Terms of Service; Didn't Read (TOSDR) browser addon. As the name suggests, TOSDR -- a grassroots project where anybody can collaboratively review the terms and policies of any website -- digests the documents asking for your compliance and transforms them into something quick and readable. ToS;DR sorts privacy policies and website terms into different classes, with Class A being very good and Class E being the worst. In addition to the class score, contributors can rate sections of the terms as Good, Bad, Blocker or Neutral.
You can view an app's specific settings to double-check your privacy options.
3. Is the app monetized by collecting and selling your data?
Monetizing apps with ads is pretty common. Often, ad-supported apps remain free or largely available at no-cost while still generating revenue for continued development -- like introducing new features or patching security vulnerabilities. But in-app advertisements typically mean an application is profiting by selling your data. Collecting certain necessary information is admittedly helpful, like monitoring app crashes for the purposes of fixing bugs or viewing errant clicks to improve a poorly designed user interface.
However, collecting lots of information that is sold to third-party advertisers or could potentially be stolen in a data breach might give you pause. Check what a policy agreement says about data collection before hitting download. Plus, think about how an app makes money, especially if it's free to download. Ads and microtransactions explain free or freemium (a portmanteau of “free” and “premium”) applications, but if there’s no clear monetization method, it’s possible your data is being sold.
Check what data an app collects and how that information is used.
4. What are the app reviews, and how many times has it been downloaded?
Before downloading an app, check reviews. If an app mostly has low ratings, it could be buggy or disreputable. Either way, a poor user rating should make you think twice before installing software. Similarly, if a popular app like Spotify, Netflix or Instagram only has a small number of downloads, double check that the listing is legitimate.
5. Is an app asking for unnecessary permissions?
App permissions requests can be telling as well. For instance, a calculator app doesn't need access to your microphone or location data. On the other hand, social media apps like Instagram or TikTok requesting access to your camera and microphone makes sense because you can take pictures or videos from within that software. Similarly, a dating app needing your location data is logical to make geographical matches. Asking for unnecessary permissions without letting you opt out can signal nefarious activity, like apps accessing sensitive data such as call logs or your Wi-Fi connections, for example. Know that most apps let you use the app even after denying permissions, and you can always briefly toggle on those permissions for legitimate uses.
What permissions does accepting a service agreement grant the apps on your phone?
Other warning signs to watch for
While it's important to actually read a policy agreement, there are other warning signs you can spot. If your device is acting suspiciously after installing an app -- unusually fast battery draining, freezing, crashing or overheating -- an app could have infected your device with malware. Granted, poor performance after an app installation or update is probably the result of something benign, like unoptimized software or a resource-intensive app running in the background. But there’s a chance that a malfunctioning phone could be suffering from spyware bundled with a nefarious app. Keep your device protected with the best antivirus software on the market.