When you’re browsing through the millions of apps available from the Apple and Android app stores, you’ll notice that close to 98% of them are free to download. That’s great if you’re looking to fill up your gadget, but many free apps, and some paid ones, do come with a hidden price: your privacy.
When apps install on your gadget, they request permission to access certain information or phone features. Sometimes they need this information and sometimes it’s not necessary.
A messaging app, for example, needs permission to access to your contacts and Wi-Fi connection to do its job. However, a Flashlight app doesn’t need to know your location or have full Internet access.
Apple gadgets let you approve or deny each permission individually. You can go to Settings>>Privacy and open a feature like the Camera to see and control what apps have permission to access it. Or you can go to Settings and scroll to the bottom and tap a particular app to see and control its permissions.
A similar system is coming to Android in the future version 6, dubbed Marshmallow. Until then, however, it’s all or nothing for Android users. So, you need to decide just how badly you want the app.
Of course, that leaves us with the problem of how to tell if an app is on the up-and-up with its permissions. Most don’t tell you what they use the data for, although some will if you contact the developer. Fortunately, you don’t have to dig into every single app.
A few years ago, Carnegie Mellon University set up a site called PrivacyGrade that analyzes popular Android apps to find out what permissions they ask for and how they use the information. Then it gives each one a grade from A to D.
This scoring system is a little tricky, though. Part of PrivacyGrade’s scoring system is looking at the permissions the app uses and the libraries.
Libraries are third-party bits of code from other developers that app creators can drop in. Many of the ones you’ll see are from advertising networks, although some are utilities to track how the game is working, or even from Facebook for easier logins to the app.
An app with a lot of advertising libraries is going to get a worse score than an app just running utility libraries. That’s because an advertiser can track you across any app that includes its library.
With this scoring system, PrivacyGrade’s scores can change over time. Some of the apps that used to be on the “D” list, such as the classic “Fruit Ninja,” now get a “B” or even an “A.” Sometimes that’s because the app tweaked its permissions, but other times it’s because it decided to be more upfront about what it does with your information.
Here are 7 popular apps that PrivacyGrade gives a low score and why you should think twice.
1. Draw Something Free – D
This popular app lets you play a version of remote Pictionary with friends. It’s fun, but it includes several advertiser libraries and uses the “Read phone status and identity” permission to pass advertisers your phone number, call log, signal information, carrier and more.
2. Words With Friends – D
This popular app is like a fast game of Scrabble, and it’s great for brushing up on your vocabulary or being humbled by small children. However, it’s from the same developer as “Draw Something,” it’s no surprise it has the same privacy worries. However, it goes a step further with the “Precise location” permission. While it does use your location for the game, it also uses it to show you location-based ads.
3. GO Locker – D
This app acts as a screen lock for your phone, and promises to be more secure and smarter than your gadget’s built-in screen lock. Naturally, that means it has to know a lot about your phone and requires just about every permission available, from your location to reading your text messages.
Oddly, it doesn’t have advertising libraries installed, although it could be sending data to advertisers using its own first-party code. However, it does link up and send your information to app stores besides Google Play. This is potentially dangerous since app stores besides Google often have malicious apps that can steal information from your phone. This could very well be a gateway app for unsecured apps or apps that do seriously hurt your privacy.
4. GO Weather Forecast & Widgets – D
From the same company that brought you GO Locker, this app brings you the weather and a forecast. However, like GO Locker it uses a lot of its permissions to send data to app markets besides Google Play. After doing a little checking, it appears that every GO app, including GO Battery and GO SMS Pro, has this same design. I recommend steering clear of them.
5. Camera360 Ultimate – D
Android’s default camera app is serviceable, but not fantastic. Camera360 Ultimate promises to add more camera modes, exclusive filters, free cloud storage, facial recognition, real-time “touch-ups” and more with no ads.
It doesn’t include any ad targeting libraries, but it does grab a lot of information, and is has the Baidu search engine library built in. Baidu is China’s answer to Google, and there’s no good explanation why a Chinese search engine might need things like the ability to turn your Wi-Fi on and off. In the same vein, the in-app purchases are powered by Alipay, which is a Chinese payment system.
To really take control of your smartphone’s camera, check out Camera FV-5 for Android or Manual for Apple.
6. Angry Birds – C
The first modern “viral” mobile game with more than 2 billion downloads since 2009, Angry Birds and most of its sequels and spinoffs don’t fare so well with privacy. Most include several targeted ad libraries that grab your phone identity information, which includes phone call logs, your signal, carrier, device ID and number.
Outside of PrivacyGrade’s score, “Angry Birds” also has the distinction of being one of the apps the NSA and British GCHQ targeted to snag user information from smartphones thanks to poor security. The newer versions of Angry Birds aren’t as vulnerable, so they get a slightly higher “B.”
7. My Talking Tom – D
If you have kids around, “My Talking Tom” is an app you might get asked to download. It’s basically a cute little game where you adopt and take care of a kitten. However, its privacy settings aren’t so adorable.
It includes a whopping eight targeted ad libraries and, in addition to your phone’s identifying information, it sends the advertisers audio from the microphone as well. For a kids’ game, that’s creepy.
Other games from the same developer, such as “Talking Angela” or ‘Talking Ben,” cleaned up their act a bit by only sharing phone information with advertisers. However, they still access the microphone and camera for internal use, leading to a string of hysterical reports last year that they spy on kids. That’s not what actually happens with the data, but if you want to give these apps a miss, I don’t blame you.