Free apps and software can be great, but at what cost does free become dangerous? These can become dangerous when the app or software misleads or leaves out what the app is really about. Free becomes dangerous when the app requests access to unneeded data, especially confidential data. Researchers in 2023 discovered 17 free VPN (virtual private network) apps on the Google Play Store that were actually malicious despite claiming to be legitimate services. In this instance, these apps offered free VPN services, but then used your devices to route malicious activities unbeknownst to the user.
Mobile app safety
“Apple and Google wouldn’t allow a malicious app in either of their stores, so this free VPN app has to be safe.” “Same for this password manager app, it just has to be safe!” “This free antivirus was a search result, it should be safe to use.” We have all said one of these or know someone who has said one before.
The reality is, just because it was in an app store or was a search result, even a top result, does not mean it is safe. Cybercriminals do their best to get their app or software listed at the top, sometimes even paying for that “advertised” location.
Minimize your risk
So what can you do? Oftentimes free comes at a cost, but at what cost. That cost is usually access to your data and information. An obvious example is social media apps. They are typically free to use platforms, but they collect things like your name, location, purchases, messages, what other sites you use, and so much more.
Years ago I recall numerous flashlight apps for Android devices that needed access to your contacts, emails, full account information, device IDs, location, wireless connections, and other absurd permission requests. Yet despite all these obvious red flags, people still downloaded because they needed a flashlight app. Why were these all red flags? I don’t know about you, but I can’t think of any good reason an app that turns my camera flash on and off needs to know who I call and text. How does having that info make the lightbulb on my phone turn on and off?
Before downloading that app or software, scrutinize the permissions it’s asking for. Also scrutinize what it says it will do with your user data. I will also search for that app or software in a search engine and review the results. Oftentimes unknown apps will have very little results or malicious apps will have many stating they are malicious. I will also read the user reviews and scrutinize their legitimacy. I will also always ask myself if I have ever heard of this app or software before.
Subscribe to our monthly email newsletter to keep your small business up-to-date on all the latest cybersecurity news! For more information on protecting your small business from cyberattacks and other cybersecurity topics check out Small Business, Big Threat!