Mobile apps

If you have a smart phone or other mobile device, you probably use apps – to play games, get turn-by-turn directions, access news, books, weather, and more. Easy to download and often free, mobile apps can be so much fun and so convenient that you might download them without thinking about some key considerations: how they’re paid for, what information they may gather from your device, or who gets that information.

Mobile App Basics

What’s a mobile app?  A mobile app is a software program you can download and access directly using your phone or another mobile device, like a tablet or music player.

What do I need to download and use an app?

You need a smart phone or another mobile device with internet access. Not all apps work on all mobile devices. Once you buy a device, you’re committed to using the operating system and the type of apps that go with it. The Android, Apple, Microsoft and BlackBerry mobile operating systems have app stores online where you can look for, download, and install apps. Some online retailers also offer app stores. You’ll have to use an app store that works with your device’s operating system. 

Why are some apps free?

  • Some apps are distributed for free through app stores; the developers make money in a few ways:
  • Some sell advertising space within the app. The app developers can earn money from the ads, so they distribute the app for free to reach as many users as possible.
  • Some apps offer their basic versions for free. Their developers hope you’ll like the app enough to upgrade to a paid version with more features.
  • Some apps allow you to buy more features within the app itself. Usually, you are billed for these in-app purchases through the app store. Many devices have settings that allow you to block in-app purchases.
  • Some apps are offered free to interest you in a company’s other products. These apps are a form of advertising. 

Questions About Your Privacy

What types of data can apps access?

When you sign up with an app store or download individual apps, you may be asked for permission to let them access information on your device. Some apps may be able to access:

  • your phone and email contacts
  • call logs
  • internet data
  • calendar data
  • data about the device’s location
  • the device’s unique IDs
  • information about how you use the app itself

Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.

If you’re providing information when you’re using the device, someone may be collecting it – whether it’s the app developer, the app store, an advertiser, or an ad network. And if they’re collecting your data, they may share it with other companies.

How can I tell what information an app will access or share?  It’s not always easy to know what data a specific app will access, or how it will be used. Before you download an app, consider what you know about who created it and what it does. The app stores may include information about the company that developed the app, if the developer provides it. If the developer doesn’t provide contact information – like a website or an email address – the app may be less than trustworthy.

If you’re using an Android operating system, you will have an opportunity to read the “permissions” just before you install an app. Read them. It’s useful information that tells you what information the app will access on your device. Ask yourself whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or “wallpaper” app to read your text messages.

Why do some apps collect location data?  Some apps use specific location data to give you maps, coupons for nearby stores, or information about who you might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on your interests and your location.

Once an app has your permission to access your location data, it can do so until you change the settings on your phone. If you don’t want to share your location with advertising networks, you can turn off location services in your phone’s settings. But if you do that, apps won’t be able to give you information based on your location unless you enter it yourself.  Your phone uses general data about its location so your phone carrier can efficiently route calls. Even if you turn off location services in your phone’s settings, it may not be possible to completely stop it from broadcasting your location data.

Questions About Advertising.  Why does the app I downloaded have ads in it?  Developers want to provide their apps as inexpensively as possible so lots of people will use them. If they sell advertising space in the app, they can offer the app for a lower cost than if it didn’t have ads. Some developers sell space in their apps to ad networks that, in turn, sell the space to advertisers.

Why do I see the ads I do? Advertisers believe you’re more likely to click on an ad targeted to your specific interests. So ad networks gather the information apps collect, including your location data, and may combine it with the kind of information you provide when you register for a service or buy something online. The combined information allows the mobile ad network to send you targeted ads – ads that may be relevant to someone with your preferences and in your location.

Malware and Security Concerns.  Should I update my apps?  Your phone may indicate when updates are available for your apps. It’s a good idea to update the apps you’ve installed on your device and the device’s operating system when new versions are available. Updates often have security patches that protect your information and your device from the latest malware.

Could an app infect my phone with malware?  Some hackers have created apps that can infect phones and mobile devices with malware. If your phone sends email or text messages that you didn’t write, or installs apps that you didn’t download, you could be looking at signs of malware.  If you think you have malware on your device, you have a few options: you can contact customer support for the company that made your device; you can contact your mobile phone carrier for help; or you can install a security app to scan and remove apps if it detects malware. Security apps for phones are relatively new; there are only a few on the market, including some with free versions.

Mobile App User Reviews.  Can I trust all the user reviews I read about an app?  Most app stores include user reviews that can help you decide whether to download. But some app developers and their marketers have posed as consumers to post positive comments about their own products. In fact, the Federal Trade Commission recently sued a company for posting fake comments about the apps it was paid to promote.

Apple iPhone Safety

To prevent losses associated with fraudulent apps, we suggest all iOS users read the reviews and check ratings before buying an application. Do not believe in magical features that do not exist in your phone, no app is able to do things that Apple does not allow.

If you were the victim of such apps, you can try asking Apple to refund your money, by following these steps:

  1. Open iTunes and select the iTunes Store link in the left-hand column;
  2. Near the top right corner, click the arrow next to your username (email address) and then select Account;
  3. About halfway down the screen, click the Purchase History button;
  4. In the bottom portion of the screen, you will see your App Store purchase history – click the Report a Problem button;
  5. Locate the iTunes invoice with the application you would like a refund for, and click the Report a Problem link
  6. Fill out the form that follows and be sure to be as detailed as possible – when finished, click Next
  7. If your reason for requesting a refund is valid, Apple should respond within a few days and process your refund within a week.

Android App Safety

When an app is installed, the system will always display the permissions requested. The user can use this at a glance to evaluate an app’s intentions. If a relatively simple app, like a wrapper for a website, asks for permission to send and receive SMS messages, that is a serious red flag. In fact, a large number of these so-called “SMS Trojans” are in circulation around the seedier parts of the web. When installed, they text premium rate numbers to rack up charges. The same concern exists for apps that include phone calling permissions; they could call premium rate numbers without the user’s knowledge.

Android permissions

  • Another important permission to be on the lookout for is access to the contact list, and Google accounts. If an app has no business looking at this data, there is a chance that it’s just malware designed to harvest user data for spamming or phishing scams. The only time one might expect to see this permission is in apps that autocomplete contact names, or handle legitimate messaging actions.
  • Of less concern financially, but still a sign of shady behavior, is the location permission. This can come in either Fine (GPS) or Coarse (Network) varieties. An app that doesn’t need this data for its essential function could be using it for something as innocuous as location-aware ads, but there is a darker possibility as well. Questionable app could harvest a user’s exact location, store it over time, and sell that to advertisers.
  • The best way to stay safe on Android is to just stick to established apps from the official Android Market or the Amazon Appstore. While bad apps do occasionally show up in the Market, Google removes them swiftly and can remotely kill the apps on phones.
  • Most of the truly dangerous threats have been detected on forums and third-party websites masquerading as well-known apps. Basically, don’t install a version of “Cut the Rope” obtained from a Chinese pirated software forum. By leaving the Unknown Sources option disabled in the Android settings, apps cannot even be sideloaded from other sources, which blocks this vector completely.
  • It just takes a little forethought to avoid the most serious Android malware threats out there. Sticking to the official application repositories is a good policy, as is checking out the permissions for an app. Users might even prefer to leave the Unknown Sources option disabled. There is now good evidence that free Android antivirus apps just don’t work, and could even cause users to believe they are protected, and thus take more risks. Paid antivirus apps work better, detecting more threats, but still fall short of the mark. In the end, it is still very much up to the user to be on the lookout for suspicious behavior in order to stay safe.