Free Smartphone Apps Can Have Hidden Privacy Risks
Often you 'pay' through sharing online data or information gathering
Getty / Apple
En español | The digital world is awash in free phone apps — software to help you sleep better, hail a ride or tell English ivy from poison ivy.
Apple and Google alone offer more than 7.2 million apps — most of them free — for playing games, watching movies, making phone calls. Press a few buttons, hit “Install” and in moments you're sharing photos or trading stocks.
So much convenience and help at your fingertips sounds great. But is it really? As your folks probably told you and you've passed along to your kids: “Nothing's free."
This is also why marketing companies own apps such as WeatherBug — New York-based GroundTruth is its parent company — and so many others. The app is the bait. When you bite, they collect and sell your data.
Was this what you expected when you read “free?" Internet use soared during the pandemic as people around the world quarantined and turned to their devices to stay connected.
AARP Membership -Join AARP for just $12 for your first year when you enroll in automatic renewal
Join today and save 25% off the standard annual rate. Get instant access to discounts, programs, services, and the information you need to benefit every area of your life.
"Last year technology went from a nice-to-have to a must-have, and there's no turning back,” says CEO Liz Hamburg of Candoo Tech in New York, which offers tech support and training for older adults.
This increase follows a trend of older adults adopting technology: Smartphone ownership jumped to 85 percent among Americans age 50 and older, up from 70 percent three years earlier, according to an AARP survey conducted in September and October 2020. A Pew Research Center survey conducted in January and February 2021 has similar results: that 83 percent of adults 50 to 64 own a smartphone, as do 61 percent of respondents 65 and older.
Now is a good time to step back and learn about what you're getting into when you hover your finger over some apps’ Install buttons.
Worries: Hacking, privacy
Concerns about phone apps divide roughly into two categories: One is the clearly defined realm of hacking and identity theft. The other is the more-debated bucket of privacy.
In one case, you're pickpocketed and get nothing in return. In the other, you exchange your data for stock quotes or sports scores or weather forecasts.
8 tips to download apps safely
Using apps on your smartphone will usually involve tradeoffs. The user gives up some data in exchange for permission to use the app. Here are some tips for safer downloading:
1. Download from the well-known app stores such as Apple App and Google Play, and don't forget that Amazon, Samsung and other established companies also provide apps.
2. Never give out your passwords.
3. Don't grant remote access.
4. Read reviews and ratings. Only download apps that are highly rated, well reviewed and have been around for more than a few weeks or months.
5. Avoid clicking ads.
6. Read the terms and conditions. Read as much of the privacy policy as possible.
7. Avoid giving apps access to your contacts.
8. Ask yourself if you really need the app.
Sources: Liz Hamburg, Candoo; Randy Pargman, Binary Defense; Troy Hunt, Have I Been Pwned
Free apps and paid apps carry pretty much the same risks, experts tell AARP. Still, Google Play and Apple's App Store are overwhelmingly stocked with free apps. More than 90 percent of items offered in both shops are free, according to data that BusinessofApps, a website that caters to app industry professionals, has collected.
Paid apps are just as likely to collect your data as their free counterparts, even in cases where a paid app offers more features than the free one, Hamburg says.
Download from known, trusted sources
About the safety of phone apps with respect to data theft: The risk that you will download from Apple or Google an app that permits the theft of your identity or access to your bank accounts or some other kind of nefarious hacking is quite low, says Randy Pargman, vice president of counterintelligence and threat hunting at Binary Defense in Stow, Ohio.
"The percentage of apps that are malicious is vanishingly low,” says Pargman, adding that they are virtually absent from the Apple Store but may be more common on Google's Play store because of an easier process for posting apps.
Still, apps that are considered malware are available, and users must be careful, he says. Last year nearly 2 percent of the top 1,000 grossing apps in the Apple Store were scams, stealing $48 million from customers, The Washington Post reported in June 2021.
Another study from October 2020 led by researchers with NortonLifelock Research Group found that up to a quarter of Android users downloaded what the study called “unwanted” apps, a category that includes malicious software designed to damage a phone or give someone unauthorized access. Most nefarious apps come from sources outside of the Play store, the study said. Pargman added that spam texts are the most likely source for dangerous apps.
"It's always risky to click on links from texts and email,” says Kathy Stokes, who runs the AARP Fraud Watch Network. “Even when you believe you know the sender, we recommend going to the web address or your app to access the resource, rather than risking the click."
Privacy, effectiveness is a tradeoff
As Americans, we say we like our privacy. But our behavior might say otherwise.
When you add an app to your phone, you give up some of your right to be left alone. You give away more rights with some apps than others. For example, a weather app or a mapping app will need to know where you are. Others ask users for access to their photos, phone contacts and other information. Many of us give that information up without thinking twice.
Why do we do this? For starters, apps are cool, useful, helpful, fun. They offer connectedness and convenience. You want to order and pay for a grocery delivery from your phone, and for this convenience, this incredible time savings, you agree to let a computer track your browsing history.
Is that so bad? We grumble and then we accept. We're talking tradeoffs.
If you're not happy about that, you must take steps:
- Do what almost nobody does and read the fine print.
- Read the privacy policies, the user agreements.
- Don't install without reading reviews and maybe even find out who owns the app.
Cybercrime expert Troy Hunt suggests keeping in mind the idea of “data minimization” if you want to hang on to as much privacy as possible. He recalls how the Google Play store was offering free flashlight and fart generator apps, which required excessive permissions to use.
"How do we give just enough information to perform the task we're using the app for?” says Hunt, a Microsoft regional director in Australia who has testified about cybercrime before the U.S. Congress. “With a weather app, sharing your geo location is relevant and useful. But sharing your contact data is excessive, not minimization."
Ronald Day is a contributing writer who covers money and technology. He previously worked for the investment website Karma Impact News and Bloomberg News.