Apps are shiny and appealing little bits of software, but beware: They're not all trustworthy.

iStockphoto/Thinkstock

How do I know if an app is safe?

When you have a smartphone or a tablet computer (like an iPad), the apps are where it's at. If this lingo is new to you, an "app" is just short for "application." While it can mean any piece of computer software that helps you with a specific task -- what you'd probably just call a "program" on your laptop or desktop computer -- when it's on something mobile, it's an app. Games, programs that let you watch TV shows, weather trackers ... they're all apps.

All devices come preloaded with some of them, but you always want more. To find apps, you go to a store, known as a digital distribution platform (which one depends on your mobile device). For example, if you have an Android phone, you'll go to Google Play (formerly Android Market), and if you have an iPhone, it'll be the Apple App Store. There are also third party platforms not controlled by a mobile provider, such as the Amazon App Store.

Once you're looking in the store, you might be overwhelmed by the array of choices. In the Google Play Store alone there are over 500,000 apps. I'm an insomniac, so I went looking for an app in Google Play that claimed to be able to hypnotize me to sleep. There were 180 results, and the cost ranged from free to $4.99. All of the distribution platforms allow independent developers to publish their products and get a cut of the sales. That means any individual with the knowledge to create an app can sell it. But how do I choose? One of my first concerns is which apps are safe.

People who would never dream of downloading an email attachment from a stranger buy apps without considering the possible consequences. Some apps are malicious -- they contain viruses, worms, malware or some other way of harming you. They might steal things like your personal information, others' contact information, or passwords and share them with others. Luckily, there are steps you can take to avoid downloading a malicious app.

Permission to Do What?

There are more than 100 different types of permissions, and many apps ask for more permissions than they actually need. Even worse, most people don't know what they mean. Here's a list of just a few of the most common:

  • Storage: modify/delete USB storage contents -- apps that store anything (like pictures and video) will require this.
  • Device calls: read device state/identity -- some apps require this to be able to do something like "pause" when you get a phone call.
  • Network communication: full Internet access -- this often related to ads too; the app needs to access the Internet to download the ads.
  • Your location: coarse (network-based) location -- many games with ads require this so it can deliver targeted ads.
  • System tools: prevent device from sleeping -- usually means that when you're using the app, it will keep your phone from going to sleep or in a power save mode.
  • Your personal information: read contact data -- any social media or messaging app needs to access your contact information so you can use them with your friends.

Steps to Safe Apps

The first step to making sure that your apps are safe is to download security software. You have it on your computer, right? Your phone needs it too. The most basic ones will scan your apps for anything that looks suspicious, but you can also find ones that enable you to locate your phone or even wipe its data remotely if it gets lost or stolen, or perform data backups. You might not be able to find one that does everything you want for free, but most of them aren't more than $40 per year -- a small price to pay when you think of the damage that someone could cause with, say, the credit card number stored in your Amazon account.

OK, so how do you know that the security app itself is safe? Do some research. I chose my security app by going online and reading reviews and articles about the best ones for my Android phone. All of the download platforms also have customer reviews, so that's a good place to go when you've narrowed down your choices. Just take the reviews with a grain of salt -- if every single one of them is glowing and uses similar language, they might be fake. Some unscrupulous developers employ people to leave fake positive reviews to boost their sales.

Also look specifically at the app's developer. Many of them will have websites. You can also see which other apps they've developed. Major publishers of the most popular games, for example, aren't going to put out malicious apps. It's also safest to stick with the most well-known platforms, like the ones associated with your phone's operating system. They have systems in place to evaluate apps before they go up for sale, as well as quickly identify and remove malicious ones.

When you have chosen an app -- no matter what kind it is -- look at the permissions that it requires before you download. Some apps will request permission to see your location, information about the phone calls you make, or the ability to read and write to your SD card. Carefully consider whether the app actually needs to do whatever it's asking. An app that helps you locate restaurants nearby would need to know your location, but should an app that helps you create lists? I say "request" but in reality, the app is telling you what it will do and it's up to you to either take it or leave it. Check the sidebar for some of the most common permissions. If you follow these basic steps, you should be able to avoid the most malicious apps and make sure the ones you already have are safe.

Author's Note

I was late to the game in terms of smartphones, so when I finally got one I felt a bit overwhelmed when it came to installing apps. Recommendations from friends helped, and the first thing I did was install some highly touted security software. Free apps are always my favorites, but I've come across more than one that sounds good in terms of what it can do, but it had horrible reviews with complaints about the permissions. Luckily I've never gotten burnt by a malicious app, but I know people who have. I'd like to think that most app developers are just trying to make a good product and make money, but as with most things there are always a few bad eggs.

Sources

  • Hildenbrand, Jerry. "Android 101: What some of those scary application permissions mean." Android Central. July 9, 2011. (Sept. 17, 2012) http://www.androidcentral.com/look-application-permissions
  • Hoffman, Chris. "How App Permissions Work & Why You Should Care [Android]." Make Use Of. May 21, 2012. (Sept. 17, 2012) http://www.makeuseof.com/tag/app-permissions-work-care-android/
  • Jordan Goodson, Tecca. "How to avoid malicious apps on your phone." USA Today. April 9, 2012. (Sept. 17, 2012) http://www.usatoday.com/tech/news/story/2012-04-09/malicious-security-apps/54127696/1
  • Kassner, Michael. "Bad Apps: Avoid Them." Tech Republic. July 1, 2011. (Sept. 16, 2012) http://www.techrepublic.com/blog/smartphones/bad-apps-avoid-them/2990
  • Perez, Sarah. "Dear iPhone Users: Your Apps Are Spying On You." ReadWriteWeb. Aug. 16, 2009. (Sept. 16, 2012) http://www.readwriteweb.com/archives/dear_iphone_users_your_apps_are_spying_on_you.php
  • McPherson, Frank. "Android App Permissions Explained." Social Times. July 29, 2010. (Sept. 16, 2012) http://socialtimes.com/android-app-permissions-explained_b47761
  • Perlroth, Nicole and Nick Bilton. "Mobile Apps Take Data Without Permission." The New York Times Bits Blog. Feb. 15, 2012. (Sept. 16, 2012) http://bits.blogs.nytimes.com/2012/02/15/google-and-mobile-apps-take-data-books-without-permission/
  • Purdy, Kevin. "How Can I Tell If An Android App is Malware?" Lifehacker. Nov. 2, 2010. (Sept. 17, 2012) http://lifehacker.com/5679471/how-can-i-tell-if-an-android-app-is-malware
  • Rowinski, Dan. "[Infographic] Pay Attention to Mobile App Permissions!" ReadWriteWeb/Mobile. Aug. 20, 2012. (Sept, 17, 2012) http://www.readwriteweb.com/mobile/2012/08/infographic-pay-attention-to-mobile-app-permissions.php
  • Smith, Gerry. "'Find and Call': Apple Removes First Malicious App To Enter App Store." Huffington Post, July 6, 2012. (Sept. 16, 2012) http://www.huffingtonpost.com/2012/07/06/find-and-call-apple_n_1654076.html