Is That App Sketchy? Here Are 3 Easy Ways To Check.

You could spend your remaining days reading privacy policies. Or take just a few minutes to do these checks for red flags.


Downloading an unfamiliar app is like inviting a stranger into your home. It will probably be okay, but it’s smart to do some checking first.

Companies have every incentive to gobble personal information from your phone or nag you to pay for a crummy app. It’s unfair, but you’re mostly on your own to preserve your privacy, security and safety from scams.

You don’t need to be Sherlock Holmes to sleuth out potentially suspect apps. Just spend a few minutes doing these three spot checks to look for red flags:

No one reads privacy policies, but California law gives you a shortcut to just the juicy parts.

The state requires companies to give a clear explanation of what information they collect and what they do with it.

(To find the documents, I search the web for the app name and “privacy policy.”) Then search for “sell” or “selling,” suggested Jen Caltrider, a privacy researcher with the Mozilla Foundation. Or try “California” or “state.”

Searching The Washington Post’s privacy policy for “selling” jumps straight to a paragraph that says the company and its advertisers collect the approximate location of your phone or computer (“IP addresses”) and the places you surf around the web (“cookies”).

The Post says it shares that information with other companies or mixes it with other businesses’ databases about you to target ads.

The California-mandated disclosures help you make an informed decision about whether you trust a company with this information.

The more data companies have about your whereabouts or your activities, the more risk that information could fall into the wrong hands or be used for unnerving advertising or to jack up your car insurance.

Not all privacy policies have California sections. When they do, it’s a great gut check before you use an app.

Some companies put California data collection disclosures in a handy chart, as Intuit does.

The California-mandated information applies to everyone, though you may not have the legal privacy rights of California residents.

You can also get a vibe from skimming a privacy policy.

This one from podcast app Pocket Casts is admirably clear. Or if a privacy policy is super vague like Wombo’s, whose app generates AI images like a pregnant Travis Kelce, Caltrider said that’s a potential red flag.

Check the Popularity of One-Star Reviews

In smartphone app store ratings, five stars are typically the most common, said Adam Lynn, a researcher for Reset.Tech, an organization supporting democratic values in digital media.

If one-star ratings are the second-most common, Lynn said that’s abnormal and not a great sign of customer satisfaction.

The iPhone app store and Android’s Google Play store only show bar images rather than the precise number of each star rating. Eyeball it.

If the numbers of one- and four-star ratings look close - as with the Clime weather app shown here from the Google Play store - it’s worth digging into the reviews.

Check App Permissions in the Google Play Store

Anyone can go to the Google Play store, search for an app and click its name.

To the right of “About this app,” click the arrow. Scroll to the section with “Permissions” and click “View details.” (Caltrider prefers the Google disclosures to those in Apple’s app store.)

If you see the permissions for a weather app include access to your phone contacts, that seems unnecessary and may show the app is overly invasive, said Thorin Klosowski, security and privacy activist for the Electronic Frontier Foundation.

Why does Chase’s app, as shown here, need your location, contacts and your microphone to record audio? (Chase said location data helps find nearby bank branches, microphone permissions are for virtual meetings with financial advisers and contacts access is to send money with Zelle.)

Apps might not collect all the information listed in their permissions and you can typically say no or turn off access. It’s still not great when an app wants information it doesn’t really need.

Klosowski said these spot checks don’t need to be flawless. You’re trying to feel if something seems off about an app.

“Trust your gut,” he said. “We all have pretty good scam indicators, we just don’t always have them on.”

About the Author(s)

The Washington Post

The latest technology news from The Washington Post.
