How to Spot an App You Shouldn’t Trust

Most of us spend most of our days inside apps of one type or another, and if you’re looking for a new one, there’s no shortage: You’ll find around 1.6 million of them in the iOS App Store alone, for example, which is enough to last several lifetimes. Now, while the majority of these apps are perfectly benign and helpful, that’s sadly not the case for all of them.

In this month alone, close to 200 malware-harbouring Android apps were spotted, accounting for some 30 million installations. While app stores from Apple, Google, Amazon, Microsoft and others offer a lot of protection against malicious apps, they’re not infallible guardians, and you may be sourcing some of your apps from the wider web — especially on desktop.

Apps that you shouldn’t trust run the whole gamut from those actively trying to get access to your bank accounts, to those tracking your location a bit more often than you’d ideally like. There are ways to protect yourself though — and we’ve outlined some of the warning signs to look out for below.

This isn’t an exact science, and there’s no checklist you can go through to say that an app is definitively trustworthy or untrustworthy. However, there are clues to look out for, which might just be enough to point you away from an app you shouldn’t be dealing with, and keep your devices well protected.

Check the user reviews — carefully

Screenshot: iOS

User reviews are typically the first place to check an app’s trustworthiness, especially on mobile, but treat them with caution — they’re not all that difficult to fake. Look for reviews that are a decent length, that appear to have a genuine person attached to them, and that don’t read as if they’ve been auto-generated by a bot.

Even when reviews are real, watch out for bias: Users are more likely to take the effort to report a problem with an app rather than general satisfaction with it. If there are complaints and low ratings, see what the specific problems are — and check if the developer has responded and been helpful.

It’s more difficult with desktop apps you get from the web — they may have “user testimonies” on their site, but it’s hard to know if they’re genuine too. Look for mentions of the app on places like Reddit or Twitter, or search for reviews in the press or on independent ranking portals such as Trustpilot.

Check the developer’s history

Screenshot: Android

As we mentioned, this isn’t an exact science: There’s nothing necessarily wrong with a brand new developer that is debuting their first app. That said, the trustworthiness of an app goes up if the developer has a strong track record, and is also offering multiple other apps that you can see are proving popular.

A visible online and social media presence can help you figure out if a developer can be trusted too. On the other hand, if you’re struggling to find anything out about a software coder or a software studio, that might be a sign to be cautious. Typically, developers are very keen to promote their work and make themselves available.

On the Google Play Store on Android, if you go to an app’s page you can tap About this app to see how long the app has been around for, or the developer name (under the app title) to see the other apps they make. On the Apple App Store on iOS, from an individual app page you can tap Version History to see if an app has been around for a while, or the developer name (at the top) to see their other apps.

Check how the app is funded

Screenshot: macOS

There are perfectly trustworthy free and open source programs out there, but not all that many — most apps are either funded by an up-front payment, an ongoing subscription, or adverts that may or may not be targeted around your location, interests, and anything else that the app has managed to get out of you.

It can be the case that apps that are free or very cheap are taking more from you in terms of data collection, and putting more ads in front of you. Be cautious with free apps that don’t have any obvious source of funding, especially if you’re seeing other red flags as well — you might be paying in ways that you don’t realise.

At the same time, you don’t want to be paying over-the-odds for something that’s not worth it or even malicious. There’s no right or wrong approach, but what you’re paying for an app and how you’re paying for it are other considerations to weigh up alongside everything else we’ve mentioned.

Check the permissions the app needs

Screenshot: Windows

The official app stores for Windows, macOS, Android and iOS are all now very good at listing the permissions an app needs before you install it. Apple’s platforms are particularly comprehensive and will tell you plenty about the user data that the app is wanting to have access to as well.

You can check app permissions after installation too: under Privacy & security in Windows Settings; under Privacy & Security in macOS System Settings; under Security and privacy, then Privacy, then Permission manager in Android Settings; and under Privacy & Security in iOS Settings.

What you’re looking for here is anything that doesn’t look right: Permissions that overreach the remit of the app, in particular. If apps are asking for personal information, such as your location or your contacts list, make sure they’re giving good reasons for it.

Check the apps you’re already using

Screenshot: iOS

Unfortunately the danger isn’t necessarily over after you’ve installed an app and been happily using it without any problems. Apps that have been abandoned by their original developers can be taken over by other parties, while apps that originally look perfectly fine can change names and purposes with an update.

All this means that you need to keep a close eye on the apps you’ve got installed on whatever platforms you’re using — be sure to do a regular audit and get rid of older apps that you’re no longer using. If you keep apps installed, make sure they’re still working as originally advertised.

As we’ve written about before, you should delete any accounts associated with these apps, as well as removing the apps themselves from your devices. It means that you and your data are fully extricated from the app, giving you more protection and removing any connections that could be exploited in the future.