App stores like the Google Play Store improve security every year. Yet malicious apps still find their way onto people's phones from time to time. To make sure an app is safe, you have to know what to look for—and where to look.
Here are the six best ways to check if an app is safe before you download it to your Android device.
1. Look for Red Flags in the Reviews
It's important to look beyond the app's star rating. Research shows that over 90% of people base their decisions on reviews, and malicious developers abuse this trust by planting fake reviews on their apps.
The reviews, therefore, are one of the most important things to check when downloading a new app. Five-star messages are often boosted to the front, though. So you might have to click through some filters to see people's complaints.
If more than one or two people are warning that the app is a scam or contains malicious elements, pay attention. Even if the comments are vague hyperbole like "this broke my phone," it's better to be safe than sorry.
If the app has a lot of good reviews, look to see how similar these reviews are. Usually, fake reviews are short, excited comments with general statements. For instance, "The most wonderful app! I like it a lot." They usually don't highlight any specific features.
Of course, some people leave reviews like these sincerely. The main thing to look for is quantity. If there are a lot of short, similar-looking reviews, they may have been copy-pasted in, or generated by a bot.
Lastly, scammers are not known for their excellent customer service. If the developer is replying to comments, this is a good sign that the app is legit. Especially if they are trying to help people with their complaints.
2. Read the App Description Carefully
Spelling and grammar issues don't always mean an app is dangerous. It might just mean the creator's writing skills aren't as high as their programming skills. Keyword-stuffing is a more reliable red flag.
An honest developer will put keywords into the sentence naturally. If the text starts listing search terms rather than describing the product, that's a red flag.
You should also beware of enthusiastic but unspecific descriptions. Broad promises to solve all your problems, or to run perfectly all the time are rarely true. A trustworthy app can name specific features and explain how they add to your experience. Scammers are more likely to generalize.
If the app offers in-app purchases or subscription plans, it should provide even more detail. If the description doesn't tell you what specific perks your payment will get you, it's a red flag. Similarly, apps that don't provide details on what their app can do might be hiding something. Be cautious when the description is vague.
3. Check the Download Count
Start by looking at the release date. If an app isn't only a year or two old but has millions of downloads, this is a huge red flag. It's likely the numbers are artificially inflated. Malicious developers do this by using bots or fake accounts to download their app over and over.
There's no hard rule of how many downloads is too many. But we can use averages to establish a frame of reference. It's difficult for a new app from an unknown publisher to reach 500 downloads by the end of its first month.
Most new apps don't get that far, under-performing in that crucial new-release period. This is why high download rates from unknown publishers are so suspicious.
It's almost unheard-of for a new app to achieve tens of thousands of downloads within only a few months. If that happened, it would definitely be in the news. If the app really is a breakout success, there will be at least a few tech blogs talking about it.
An app that has had several years to grow its download count might be safer. Many scam apps have a short lifespan, getting removed when the reports pile up. But you shouldn't trust an app based on its age and popularity alone. After all, several popular apps are dangerous, too.
4. Review the Permissions List
If the app requests device permissions that don't make sense for it, beware. You can check an app's permissions in the Google Play Store.
Go to the app page, tap About this app, then select the See more option that's attached to the Permissions menu. In this menu, you'll see a summary of what each permission allows the app to do.
A permission is suspicious if the app doesn't list any feature that would need it. For example, a request to listen to the microphone would be alarming in a Solitaire game app. But it makes total sense in a video editor.
Be especially wary of apps that ask for dangerous permissions. Dangerous permissions are those that allow the app to read, receive, or write sensitive information. For instance, your location, stored files, phone calls, text messages, or audio.
Malicious developers make a profit by selling this information or holding it ransom. Once an app has your sensitive data, it can be difficult or impossible to recover your privacy. It's better not to risk granting access in the first place.
5. Find the Developer's Webpage
You can find the webpage by clicking the developer's name in the Google Play Store. You could also Google the following string: "[DEV NAME] mobile apps." Be sure to check Google's News results. Has this developer been in the news for any scandals lately? What about the parent company?
Looking at the developer's other apps can also give you clues. If the developer only has a small number of apps, but ridiculous download numbers, it's a red flag. If they have lots of apps, but the only clear difference is the name or icon color, it's also a red flag.
Honest developers won't have clones or knock-offs of other people's apps, either. If the developer is imitating more popular products or saying their app is a discounted version, don't click! The real developer would simply issue a sale, not release a separate download.
6. Pay Attention to the Installation Process
Some malicious or spam apps sneak things by you through the terms and conditions. These sneaky developers know that most people will click "Accept" without reading. So they get you to consent to data mining, data sharing, pop-ups, and all kinds of other things. The solution is to read carefully.
If the app presents you with terms and conditions when you open it, read them. If it's too hard to understand, try using a plain-language translator like Rewordify. If it's still too dense, you might be better off just closing it and uninstalling.
Apps that want you to agree to a lot of extra stuff might be trying to steal your data. Be especially cautious if they don't seem interested in helping you understand why they need it.
Enjoy Peace of Mind When Downloading
Your personal data is valuable and worth your time to protect. These steps can also save you trouble with spam advertising. With just a moment or two of reading and some common sense, you can feel confident in your downloads.
But apps aren't the only ways malicious developers can access your data. Make sure you perform regular phone maintenance, and use a good virus-scanner!