
5 ways to tell if an app is safe before downloading
Before downloading an app, users should verify the publisher, look at reviews and consult the privacy policy to determine whether it is safe to install.
Following the recent removal of 20 malware-corrupted apps from the Apple and Google app stores, users should reassess their apps' safety. According to Kaspersky, the malware, SparkCat, had been active since March 2024. Its late discovery has raised the alarm about the risks of unknown app downloads.
For many people, downloading an app has become a mindless action in modern life. Increasingly, people use smartphone applications rather than desktop devices for their online activities, such as managing their bank account, purchasing clothes and ordering food delivery. The year 2023 saw mobile retail sales exceed $491 billion, and these figures are forecast to grow year over year.
As apps become the norm, assuming that all apps are equally safe and secure can be tempting. Even the download process is the same: Depending on the type of smartphone device, most users will access all new apps through the Apple Store or Google Play Store, which can lend a sense of credibility to otherwise unfamiliar products. However, the SparkCat malware case has shown otherwise. Even these go-to stores can contain corrupted applications.
The dangers of an unsafe app
Depending on the nature of a smartphone app, it might be hard to see what damage it could do. A mobile game might not seem very threatening. However, the software might capture private data that the user doesn't wish to share externally. This data might originally be used to improve the quality of the service, which is a common occurrence and not cause for alarm. However, an unsafe app may also permit the sharing or selling of this data to undisclosed or bad actors.
Another way an app can cause harm is by requesting access to unnecessary functions, such as the camera or messages, so that it can scrape more data. Scraping involves extracting user data and saving it in a structured format in an external location. A user may not want to authorize this but may still do so if they cannot access the app without it. Sometimes, this may be benign – but an unsafe app can take advantage.
Lastly, as in the SparkCat case, an unsafe app may carry embedded mobile malware that can access other material on the device outside of the approved app permissions. This malware could steal private information and lead to identity theft, fraud or other malicious activity.
How to check if an app is safe to download
While some basic level of vetting may occur before an app is approved for the Apple and Google app stores, its inclusion does not guarantee safety. There is no single way to ensure an app's safety. However, users can take several steps to increase their confidence in a new app's security.
1. Investigate the app's publisher
The first step is to verify who has made the app in question, which is displayed underneath the application's name in the app store. In some cases, there is a registered mark to confirm the legitimacy of the vendor, such as in the case of banking applications. Users can feel more confident that this application is legitimate and safe if the name is recognizable and part of a reputable brand. If the vendor is unfamiliar, see if they have published other apps by clicking on the vendor's name. This should take the user to their developer page, listing other published apps. If several unrelated products are in the catalog, this could be a sign that they are running a scam and simply trying to flood as many markets as possible.
Another approach is to research the vendor online—outside the app store. Look for more information about the vendor online, such as an official website, customer testimonials, or related media coverage. This should give an idea of whether the vendor is legitimate or not.
2. Look at the numbers
Review the application's publish date and number of downloads. A large customer base does not prove that an app is safe; it could be a successful con. Similarly, an app having been around for a long time is not proof that it operates above board. However, the combination of many downloads and a long lifespan is a good sign that the app has proved trustworthy. Consistent popularity suggests that the app delivers on its promises without compromising security.
3. Check the reviews
Popular apps with a large user base are bound to have a few negative reviews, so don't rely on an app with a perfect 5-star score. However, a safe and successful app should still have a high average rating. It is wise for a prospective user to check out some of the 1-star reviews and see the complaints to verify if there are safety or data security concerns. It can also be helpful to look at the proportion of 1-star reviews to 4-star reviews. If these numbers are near-equal – or if there are more 1-star reviews than 4-star reviews – this could be a sign that the 5-star reviews are from bots and that real customers are not happy with the app. While this might result from a bad design, it could also be a sign of malicious intent from the developer.
4. Review the app's privacy policy
Users may feel inundated with privacy policies if they use many digital services, but these policies are worth reviewing – especially if an app's safety is in doubt. To locate the policy, look at the app's page within the app store and search under the "details" section.
The policy contains information about how the vendor plans to use any data it collects, in accordance with the California Consumer Privacy Act. Even if the user doesn't reside in California, they can access this information through the privacy policy. As a shortcut, search for words such as "sell" or "selling" to see if data is sold to other parties and in what ways. Users can gain greater insight into whether this app feels safe based on the language used and the terms described within the policy. If the terms are vague or poorly worded, this could be a sign not to trust the vendor.
5. Look at the app's permissions
Many apps will request permission to access other parts of the user's phone to improve the quality of the service. A popular example is the image-based social media platform Instagram, which requests access to the camera for in-app photography. This is not bad or dangerous. However, some apps may ask for access to suspicious and unnecessary functions. For instance, if a health tracking app also wanted to access the messages app, that might raise a red flag.
While it should be possible to customize the shared permissions after downloading the app, the access request can still be a warning sign that the app has some malicious intentions. Downloading the app first and checking the permissions later can be dangerous. Instead, review the permissions before downloading. Any smartphone user can look up the app on play.google.com and click 'view details' under the 'permissions' section. This should show all the functions the app will request to access, giving an idea of the vendor's intentions.
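The comparison described in this step, between what an app is for and what it asks to access, can also be run against the permissions an Android app declares in its manifest. The following Python sketch is an added example, not part of the original article; the category baselines, the sample manifest and the function name unexpected_permissions are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive Android permissions grouped by the phone function they unlock.
SENSITIVE = {
    "android.permission.READ_SMS": "messages",
    "android.permission.SEND_SMS": "messages",
    "android.permission.RECEIVE_SMS": "messages",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_MEDIA_IMAGES": "photos",
    "android.permission.BODY_SENSORS": "body sensors",
    "android.permission.ACTIVITY_RECOGNITION": "activity",
}

# Assumed baseline: functions a reviewer would expect per app category.
EXPECTED = {
    "health_tracker": {"body sensors", "activity", "location"},
    "photo_social": {"camera", "photos", "microphone", "location"},
}

def unexpected_permissions(manifest_xml, category):
    """Return sorted (permission, function) pairs outside the category baseline."""
    root = ET.fromstring(manifest_xml)
    expected = EXPECTED[category]
    flagged = set()
    # Both tags declare permissions; the -sdk-23 form applies on Android 6.0+.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            function = SENSITIVE.get(name)
            if function and function not in expected:
                flagged.add((name, function))
    return sorted(flagged)

# Constructed manifest for a fictional health tracker (not a real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.healthtracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.BODY_SENSORS"/>
  <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for perm, function in unexpected_permissions(SAMPLE, "health_tracker"):
        print(f"review: {perm} grants access to {function}")
```

A flagged permission is a prompt to look closer, not proof of malicious intent; the same manifest checked against a different category produces a different list.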
Madeleine Streets is a senior content manager for WhatIs. She has also been published in 'TIME,' 'WWD,' 'Self' and 'Observer.'