NEWS: Ensuring Mobile Safety: Avoid These 5 Warning Signs When Downloading Apps

February 22, 2024


The Importance of Vigilance in App Downloading Practices


In the modern era, mobile applications have become an integral part of our lives, providing us with a multitude of conveniences ranging from email checking, music and movie streaming, to secure work access. However, as the number of apps we download and install increases, so does the risk associated with them. A study by York University in Toronto and the University of Connecticut revealed that many users unknowingly consented to give their future firstborn children to a fictitious company named NameDrop, highlighting the lack of due diligence when it comes to reading terms of service (ToS) and privacy policies, or verifying the permissions required by an app.


Despite the efforts of companies like Apple and Google to prevent app tracking across iOS and Android, it remains crucial to remain vigilant during app installation. This article outlines several warning signs to look out for when downloading apps.


The Risk of Third-Party App Stores and Sideloaded Apps


One of the simplest ways to ensure safety when downloading mobile apps is to use official app stores such as Google Play for Android and Apple’s App Store. These platforms meticulously scrutinize apps before listing them. Although occasionally, harmful or unsafe applications may slip through, they are quickly removed by Apple and Google. These first-party app stores also employ additional safety measures. For instance, Google Play Protect scans devices and apps for harmful activity, and the Google Play Store conceals apps that haven’t been updated for years and may have security vulnerabilities.


We recommend downloading apps directly from official Apple and Google Play app stores rather than alternative sources like APKPure or Aptoide. If you must use third-party app marketplaces, stick to reputable sites like the Amazon App Store or Samsung Galaxy Store. In rare cases where sideloading is the only option, ensure that you download apps directly from the official software website.


The Complexity of App Privacy Policies and Terms of Service


If you aren’t meticulously reading each app’s ToS agreement or privacy policy before accepting, you’re in the majority. However, a warning sign to be aware of is when an app’s ToS or privacy policy is so complex that it’s incomprehensible. While intricate language could be harmless, such as poor writing, apps with ToS or privacy policies that obscure what you’re agreeing to are deceptive and should be avoided. A good rule of thumb is not to agree to anything you don’t fully understand. Be sure to look for information on what data is being collected and how it’s used.


Privacy policies that require implicit consent should also be a cause for concern. Nader Henein, a senior research director and fellow of information privacy at Gartner, cautions against privacy policies with implicit agreements. Instead of opting in, a ToS agreement might state something like “by using this app, you agree to A, B, and C.” With implicit agreements, you’re not giving your consent, but a general disclaimer opts you in. Privacy policies and ToS should provide explicit consent, where you have to accept before using an app. But remember, it’s crucial to read the agreements thoroughly.


Simplifying Terms of Service and Privacy Policies with TOSDR


If you’re short on time, consider using the Terms of Service; Didn’t Read (TOSDR) browser addon. TOSDR is a collaborative project where anyone can review the terms and policies of any website. It simplifies these documents into a quick and readable format. TOSDR categorizes privacy policies and website terms into different classes, with Class A being the best and Class E being the worst. Chapter 1: Evaluating App Classifications and User Ratings


In addition to a general class score, users can provide their evaluations for different sections of the terms, categorizing them as Good, Bad, Blocker, or Neutral. A critical aspect to consider is whether the app is generating revenue by gathering and selling user data. It is not uncommon for apps to be monetized using advertisements. A majority of ad-supported apps are either free or available at a minimal cost, which helps generate income to support ongoing development, such as releasing new features or addressing security flaws. However, the presence of in-app advertisements often implies that the app is profiting from your data.


While it is acceptable for apps to collect certain essential information, such as tracking app crashes to rectify bugs or observing incorrect clicks to enhance a poorly designed user interface, the collection of extensive data that is either sold to third-party advertisers or at risk of being compromised in a data breach should be a cause for concern. It is recommended to review the policy agreement’s details about data collection before proceeding with the download. Furthermore, consider the app’s revenue model, especially if it is available for free. If there’s no evident monetization strategy, your data might be at risk of being sold.


The Importance of App Reviews and Download Counts


Before deciding to download an app, it’s essential to scrutinize the reviews. If an app consistently receives low ratings, it might be indicative of technical issues or a questionable reputation. In any case, poor user ratings should serve as a red flag, making you reconsider before installing the software. Similarly, if a widely popular app like Spotify, Netflix, or Instagram has only been downloaded a limited number of times, it’s worth verifying the listing’s authenticity.


Understanding App Permission Requests


The permissions an app requests can also be revealing. For example, a calculator app has no legitimate need to access your microphone or location data. In contrast, it’s logical for social media apps like Instagram or TikTok to request access to your camera and microphone, given that these features are integral to the app’s functionality. Likewise, a dating app requiring your location data makes sense for facilitating geographical matches. However, if an app requests unnecessary permissions and doesn’t provide an option to opt-out, it could be a sign of malicious activity. This could include accessing sensitive data such as call logs or your Wi-Fi connections. It’s important to note that most apps allow you to continue using the app even after denying permissions, and you have the option to temporarily enable these permissions when necessary.


Identifying Other Potential Warning Signs


While thoroughly reading a policy agreement is crucial, there are other potential red flags to be aware of. If you notice your device behaving unusually after installing an app, such as rapid battery drainage, frequent freezing, crashing, or overheating, it’s possible that the app has infected your device with malware. While it’s more likely that poor performance following an app installation or update is due to benign issues, such as unoptimized software or a resource-demanding app running in the background, there’s a possibility that a malfunctioning phone could be the result of spyware included with a malicious app. Therefore, it’s essential to keep your device safeguarded with top-tier antivirus software.