Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
Leaving Website

You are now leaving and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Free Smartphone Apps Can Have Hidden Privacy Risks

Often you ‘pay’ through sharing online data or information gathering

spinner image a smartphone displaying a red warning symbol over a gray field
Westend61/Getty / Apple / Nenov/Getty / kundoy/Getty

The digital world is awash in free phone apps — software to help you sleep better, hail a ride or tell English ivy from poison ivy.

Apple and Google alone offer roughly 5.5 million apps combined — most of them free — for playing games, watching movies or making phone calls. Press a few buttons, hit Install and in moments you’re sharing photos or trading stocks.

spinner image Image Alt Attribute

AARP Membership— $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. Find out how much you could save in a year with a membership. Learn more.

Join Now

So much convenience and help at your fingertips sounds great. But is it really? As your folks probably told you and you’ve passed along to your kids: “Nothing’s free.”

This is also why marketing companies own apps such as WeatherBug — New York-based GroundTruth is its parent company — and so many others. The app is the bait. When you bite, they collect and sell your data.

Was this what you expected when you read “free?” Internet use soared during the pandemic as people around the world quarantined and turned to their devices to stay connected.

In 2020, “technology went from a nice-to-have to a must-have, and there’s no turning back,” said Founder and President Liz Hamburg of Candoo Tech in New York, which offers tech support and training for older adults.

This increase follows a trend of older adults adopting technology: Smartphone ownership reached 86 percent among Americans age 50 and older, up from 70 percent in 2017, according to an AARP survey conducted in September and October 2022. An older Pew Research Center survey, conducted in January and February 2021 among 1,500 adults 18 and older, has similar results, showing that 83 percent of adults 50 to 64 own a smartphone, as do 61 percent of respondents 65 and older.

Now is a good time to step back and learn about what you’re getting into when you hover your finger over some apps’ Install buttons.

Worries: Hacking, privacy

8 tips for safe downloading

Using apps on your smartphone usually involves trade-offs. The user gives up some data in exchange for permission to use the app. Here are some tips for safer downloading:

1. Download from the well-known app stores such as Apple App Store and Google Play Store. Don’t forget that Amazon, Samsung and other established companies also provide apps.

2. Never give out your passwords.

3. Don’t grant remote access.

4. Read reviews and ratings. Only download apps that are highly rated, well reviewed and have been around for more than a few weeks or months.

5. Avoid clicking ads.

6. Read the terms and conditions. Read as much of the privacy policy as possible.

7. Avoid giving apps access to your contacts.

8. Ask yourself if you really need the app.

Sources: Liz Hamburg, Candoo; Randy Pargman, Proofpoint; Troy Hunt, Have I Been Pwned

Concerns about phone apps divide roughly into two categories: One is the clearly defined realm of hacking and identity theft. The other is the more debated bucket of privacy.

In one case, you’re pickpocketed and get nothing in return. In the other, you exchange your data for sports scores, stock quotes or weather forecasts.

Free apps and paid apps carry pretty much the same risks, experts tell AARP. Still, Google Play and Apple App stores are overwhelmingly stocked with free apps. At least 85 percent of items offered in both shops are free, according to data from BusinessofApps, a website that caters to app industry professionals, and app store sources.

Paid apps are just as likely to collect your data as their free counterparts, even in cases where a paid app offers more features than the free one, Hamburg says.

Download from known, trusted sources

About the safety of phone apps with respect to data theft: The risk that you will download from Apple or Google an app that permits the theft of your identity or access to your bank accounts or some other kind of nefarious hacking is quite low, said Randy Pargman, former vice president of counterintelligence and threat hunting at Binary Defense in Stow, Ohio, and now Seattle-area based director of theft detection at Proofpoint cybersecurity.

“The percentage of apps that are malicious is vanishingly low,” says Pargman, adding that they are virtually absent from Apple’s App Store but may be more coming from Google Play Store because of an easier process for posting apps.

Still, apps considered to be malware are available, and users must be careful, he says. Nearly 2 percent of the top 1,000 grossing apps in the App Store were scams, stealing $48 million from customers, The Washington Post reported in June 2021.

Technology & Wireless

Consumer Cellular

5% off monthly fees and 30% off accessories

See more Technology & Wireless offers >

Another study from October 2020 led by researchers with NortonLifelock Research Group found that up to a quarter of Android users downloaded what the study called “unwanted” apps, a category that includes malicious software designed to damage a phone or give someone unauthorized access. Most malevolent apps come from sources outside of the Play store, the study said.

In November 2022, a similar research group, California-based Malwarebytes Labs, discovered four Google Play apps with more than a million downloads that triggered pay-per-click and phishing sites to open in an Android phone’s Chrome browser. But the outrageous activity began only after a delay of several days from opening the app, so users had difficulty tracing the reason for their phone’s behavior.

The sources for most dangerous apps are spam texts that take you outside app stores, Pargman says.

“It’s always risky to click on links from texts and email,” says Kathy Stokes, who runs the AARP Fraud Watch Network. “Even when you believe you know the sender, we recommend going to the web address or your app to access the resource, rather than risking the click.”

Privacy, effectiveness is a trade-off

An overwhelming majority of Americans say they’re concerned about the safety and privacy of personal data they provide on the internet, according to an April 2022 Ipsos poll. But behavior might say otherwise.

spinner image membership-card-w-shadow-192x134

Join AARP today for $16 per year. Get instant access to members-only products and hundreds of discounts, a free second membership, and a subscription to AARP The Magazine.

When you add an app to your phone, you give up some of your right to be left alone. You give away more rights with some apps than others.

A weather app or a mapping app will need to know where you are. Others ask users for access to their phone contacts, photos and other information. Many people give up that information without thinking twice.

Why do this? For starters, apps are cool, useful, helpful, fun. They offer connectedness and convenience. You want to order and pay for a grocery delivery from your phone, and for this convenience, this incredible time savings, you agree to let a computer track your browsing history.

Is that so bad? We grumble and then accept. Trade-offs are the name of the game.

If you’re not happy about that, you must take steps:

  • Do what almost nobody does and read the fine print.
  • Read the privacy policies and the user agreements.
  • Don’t install without reading reviews and maybe even find out who owns the app.

Cybercrime expert Troy Hunt suggests keeping in mind the idea of “data minimization” if you want to hang on to as much privacy as possible. He recalls how the Google Play Store was offering free flashlight and fart generator apps, which required excessive permissions to use.

“How do we give just enough information to perform the task we’re using the app for?” says Hunt, a Microsoft regional director in Australia who has testified about cybercrime before the U.S. Congress. “With a weather app, sharing your geo location is relevant and useful. But sharing your contact data is excessive, not minimization.”

This story, originally published Sept. 1, 2021, has been updated to reflect fresh research.

Discover AARP Members Only Access

Join AARP to Continue

Already a Member?