Conventional wisdom is that you don’t have to worry about apps that are based in the U.S. and available on Google Play or the App Store.
Bad news: Conventional wisdom is wrong.
A study of malicious and dangerous apps by Marble Labs found that 40% of dangerous apps are actually developed by U.S. publishers. And these apps weren’t lurking in third-party app stores or only available on jailbroken devices: They were found on Apple’s App Store and Google Play.
What makes an app risky?
Some of the things these apps did:
- sent users’ private data without their knowledge
- mined contact lists
- spread web browsing history
- sent premium texts that charge money to the user
- led to phishing websites
- obtained information without a privacy policy, and
- had security vulnerabilities.
Permissions aren’t explicit
The way they get away with this: By being vague with permissions. So while the app may request access to your contacts, it won’t inform you that it takes that access and sells the contact list.
Best bet: Avoid any apps that have strange permission requests. Unless there’s a clear reason an app would need access to your data, it’s best to move on and find a less intrusive alternative.
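
For anyone vetting Android apps before allowing them on managed devices, the same check can be scripted. The sketch below is an added example, not part of the Marble Labs study: it reads an app's manifest (assumed to be already decoded to text XML) and flags sensitive permissions that the app's stated category does not explain. The category-to-permission table and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by android:name in AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that enable the behaviours listed in the article.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "can read the contact list",
    "android.permission.SEND_SMS": "can send texts, including premium-rate ones",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS":
        "can read web browsing history",
}

# Assumption: sensitive permissions each app category has a clear need for.
EXPECTED = {
    "messaging": {"android.permission.READ_CONTACTS",
                  "android.permission.SEND_SMS"},
    "browser": {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
    "flashlight": set(),
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries without android:name

def unexplained_permissions(manifest_xml, category):
    """List (permission, risk) pairs the app category gives no reason for.

    An unknown category is treated as needing no sensitive permission,
    so everything sensitive is flagged for manual review.
    """
    expected = EXPECTED.get(category, set())
    return sorted(
        (perm, SENSITIVE[perm])
        for perm in requested_permissions(manifest_xml)
        if perm in SENSITIVE and perm not in expected
    )

# Constructed sample: a flashlight app asking for contacts and SMS access.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    for perm, risk in unexplained_permissions(SAMPLE_MANIFEST, "flashlight"):
        print(f"unexplained: {perm} ({risk})")
```

A flagged permission is a prompt for review, not proof of abuse; the manifest shows what an app can do, not what it does with the data.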