You’ve spotted an app, site, or service you like the look of, it’s completely free to use, and so you’re ready to sign up—but how can you tell the service is above-board and legit? That you’re not going to be subject to nefarious dark pattern tactics or see you or your teens sensitive data shared with advertisers. Before joining a service that seems to good to be true take the steps below. Common sense and a little digging can usually save you from the shadiest apps.
Paid-for apps and services are bad for your budget but good for your peace of mind, because if you’re getting charged up front then it’s less likely (although not impossible) that your data is being sold to the highest bidder.
When considering a free product, find out how it’s making money: outside investment? Advertising? Premium plans? Extras for businesses? You should be able to glean some of this from wherever the site or app is listed, or by searching for news stories about the app, but if you’re in doubt, you can always ask.
Some apps and services are put together as labors of love by independent developers working in their spare time, so there might not be any revenue stream at all, but it’s one of the flags to look for when deciding if you’ll sign up.
See what other people are saying. That means reading reviews from other end users or the tech press. There’s no guarantee that reviews will identify every potential problem for you, but they can certainly help spot a dud.
Reviews will also tell you how long a service has been in operation and how well established it is—free apps get another tick in the positives column if they’ve been running for years without any problems. There’s nothing inherently wrong about brand new free apps and sites that spring up out of nowhere, but be a little more cautious.
Reviews definitely aren’t foolproof though. You’ll find misguided reviews from users and sponsored reviews from tech sites (though this should be stated up front). When browsing user reviews try looking at the highest and lowest rated ones, and if possible note the spread. If an app was earning five stars for years and suddenly has an influx of one star ratings, it may have more to do with app users who hate change than problems with the app itself.
And also get as broad a consensus as you can. Don’t rely on just one or two write-ups, as these might be outliers.
It’s a truth universally acknowledged that no one has the time to read through all the terms and conditions they come across, and even if you do set aside an evening by the fire to pour over a bunch of them, there’s no guarantee you’ll be able to make sense of what you’re reading.
That said, it’s still worth a shot if you’re on the fence about signing up for a particular app or service. Look for the sections most relevant to you—on data use and privacy maybe—and if in doubt seek clarification from the developer.
There are places you can go for help too: Terms of Service Didn’t Read is an ongoing project designed to throw some light on the T&Cs of the bigger sites on the web, and you can get the iTunes terms and conditions in graphic novel form. You’d even be surprised at what some online searching can turn up.
Checking up on app permissions is pretty straightforward, and you’ll be prompted to approve them one by one after you’ve got the app installed. If there’s anything unusual, you can get rid of the app and back away slowly (or check for an explanation from the developer as to why a certain permission is required).
To review permissions for your installed apps, go to Settings then tap Apps, the app name, and Permissions on Android, or pick the name of the app from Settings on iOS. On iDevices you can also tap Privacy in Settings to see permissions grouped by category, like location services or access to contacts.
On both Android and iOS you have the option to revoke any permissions you’re not comfortable with. Though there is then the likelihood that the app won’t work properly any more. Even for apps you do trust and are happy with, it’s worth double-checking the permissions you’ve given over to them.
When the product comes from an indie deveoper, checking the developer behind an app, site, or service is one of the best ways of verifying its legitimacy. Look for Twitter feeds and website profiles (most iOS and Android app listings come with a reference website) to try and build up a picture.
Obviously the bigger the developer name the more credibility an app or service has, though you’re still placing your trust in the practices and policies of whatever company you’re dealing with. A well-known app might be less likely to get hacked, but more likely to be harvesting data on its users.
Not every legit developer has a legit-looking online presence (and one could be quickly faked anyway), but it’s another piece of the puzzle to check up on. Once certain developers have earned your trust, you can stick with them.
None of the points above can categorically prove one way or the other whether an app is dodgy or legit, but take them all together, and you stand a better chance of staying out of trouble when trying out new products.
Even after you’ve signed up for or installed something, there are plenty of ways you can try and stay safe, from revoking access granted to third-party apps to installing browser extensions built with security in mind. And you should be keeping your software up to date and checking recent activity on your accounts too.
Finally, stay on top of the latest tech news (Gizmodo is good for this), then if a suspect app does get exposed or hacked, you can do something about it. What’s more, you can make use of sites dedicated to hacks, like Have I Been Pwned?, to stay on top of breaches involving your data.