Keep Your Phone Safe by Avoiding These 5 Red Flags When Downloading Apps
From privacy policies to permissions and reviews, here's what to watch for when downloading apps.
Moe LongSenior Editor
Moe enjoys making technical content digestible and fun. As a writer and editor for over a decade, he has bylines at MakeUseOf, WhistleOut, TechBeacon, DZone, Tech Up Your Life, and Electromaker. When he's not hammering away at the keyboard, Moe enjoys spending time with his partner and dog, listening to vinyl, and watching film.
Shelby Brown (she/her/hers) is an editor for CNET's services team. She covers tips and tricks for apps, operating systems and devices, as well as mobile gaming and Apple Arcade news. Shelby also oversees Tech Tips coverage. Before joining CNET, she covered app news for Download.com and served as a freelancer for Louisville.com.
She received the Renau Writing Scholarship in 2016 from the University of Louisville's communication department.
1. Are you using a third-party app store or sideloading apps from a shady website?
One of the easiest ways to remain safe when downloading mobile apps is by sticking to the official app stores: Google Play for Android and Apple’s App Store. Google and Apple vet apps before allowing listings. While malicious or unsafe applications occasionally slip through the cracks, Apple and Google remove them swiftly. Additionally, first-party app stores further bolster your safety. Google Play Protect scans devices and apps for detrimental activity. The Google Play Store even hides apps that haven’t been updated for years and therefore might suffer from security vulnerabilities.
Because the official Apple and Google Play app stores offer properly scrutinized, updated versions of applications, we suggest downloading from those sources directly rather than alternatives like APKPure or Aptoide. If you do use third-party app marketplaces, stay with reputable sites like the Amazon App Store or Samsung Galaxy Store. Under rare circumstances when you’ve got no choice other than sideloading, download apps directly from the official website for that software.
Policies that want an implicit agreement or implicit consent should raise a red flag. Nader Henein, a senior research director and fellow of information privacy at Gartner, warns that privacy policies with implicit agreements should raise your eyebrows. Rather than opting in, a terms of service agreement might state something like "by using this app, you agree to A, B and C." With implicit agreements, you’re not giving your consent, but rather a general disclaimer opts you in. Instead, privacy policies and terms of service should provide explicit consent, where you have to accept before using an app. But make sure you actually read the agreements.
Are you strapped for time? Try the Terms of Service; Didn't Read (TOSDR) browser addon. As the name suggests, TOSDR -- a grassroots project where anybody can collaboratively review the terms and policies of any website -- digests the documents asking for your compliance and transforms them into something quick and readable. ToS;DR sorts privacy policies and website terms into different classes, with Class A being very good and Class E being the worst. In addition to the class score, contributors can rate sections of the terms as Good, Bad, Blocker or Neutral.
3. Is the app monetized by collecting and selling your data?
Monetizing apps with ads is pretty common. Often, ad-supported apps remain free or largely available at no-cost while still generating revenue for continued development -- like introducing new features or patching security vulnerabilities. But in-app advertisements typically mean an application is profiting by selling your data. Collecting certain necessary information is admittedly helpful, like monitoring app crashes for the purposes of fixing bugs or viewing errant clicks to improve a poorly designed user interface.
However, collecting lots of information that is sold to third-party advertisers or could potentially be stolen in a data breach might give you pause. Check what a policy agreement says about data collection before hitting download. Plus, think about how an app makes money, especially if it's free to download. Ads and microtransactions explain free or freemium (a portmanteau of “free” and “premium”) applications, but if there’s no clear monetization method, it’s possible your data is being sold.
4. What are the app reviews, and how many times has it been downloaded?
Before downloading an app, check reviews. If an app mostly has low ratings, it could be buggy or disreputable. Either way, a poor user rating should make you think twice before installing software. Similarly, if a popular app like Spotify, Netflix or Instagram only has a small number of downloads, double check that the listing is legitimate.
5. Is an app asking for unnecessary permissions?
App permissions requests can be telling as well. For instance, a calculator app doesn't need access to your microphone or location data. On the other hand, social media apps like Instagram or TikTok requesting access to your camera and microphone makes sense because you can take pictures or videos from within that software. Similarly, a dating app needing your location data is logical to make geographical matches. Asking for unnecessary permissions without letting you opt out can signal nefarious activity, like apps accessing sensitive data such as call logs or your Wi-Fi connections, for example. Know that most apps let you use the app even after denying permissions, and you can always briefly toggle on those permissions for legitimate uses.
Other warning signs to watch for
While it's important to actually read a policy agreement, there are other warning signs you can spot. If your device is acting suspiciously after installing an app -- unusually fast battery draining, freezing, crashing or overheating -- an app could have infected your device with malware. Granted, poor performance after an app installation or update is probably the result of something benign, like unoptimized software or a resource-intensive app running in the background. But there’s a chance that a malfunctioning phone could be suffering from spyware bundled with a nefarious app. Keep your device protected with the best antivirus software on the market.