We all love apps, of course, and smartphones would be pretty pointless without them. One of the biggest selling points for both Apple and Google, over the years, has been the number of apps available in the respective stores. With the much lower number in the Microsoft app store probably being a significant factor in causing Microsoft to all but abandon the Windows Mobile format.
But, out of the hundreds of thousands of apps available, how do you know which are safe and which aren’t? We’re not just talking about viruses, although they do pose a potentially significant risk to your device. We’re also talking about the permissions that an app demands on install. For all you know, it could be logging the login details for your banking app. It can then be uploading them to some unscrupulous thief who will clear out your account before you realize.
On your own, without help from elsewhere, it’s almost impossible to know what an app is doing on your phone. That goes for iOS phones as much as for Android. For years, Apple advocates have tried to convince everyone that Apple devices aren’t susceptible to viruses or malicious code. But it’s a fallacy to believe you’re any safer with Apple than any other OS developer. It is true that apps go through a very stringent process before being accepted into the iOS App Store. Yet dangerous apps do, and have, make their way through undetected.
With Android, in particular, an app will ask for permissions before installing. These may be access to pictures, or your contacts or any one of a number of other things based on what type of app it is and what it is intended to do. Let’s say you want to install a 3rd party clock app, for example, that does nothing more than tell you the time and maybe allows you to set an alarm. You might want to question why it wants permission to access your location, or emails. It might be that the app is entirely genuine in its honesty. It may just be that it uses old Google settings that used to lump various permissions in a group regardless of the need for them in any given situation.
The good news is that you can turn each permission off very easily in the Android settings. If you go to Settings > Apps, tap any app in the list and there is an option to view the permissions it has. Each permission can be disabled individually. If you find the app then won’t run, or crashes, you can either turn the permission back on or, better still, look for an alternative app that only asks for what it needs.
iOS runs a similar switch toggle method for permissions for its apps. However, is a little more upfront about what permissions it wants when you run it. You have to explicitly accept each one. That is unlike Android which shows a single popup which barely even demands reading. To see which app has what permissions, go to Settings > Privacy. Then access whichever section you want, such as pictures, location services etc. This will then show you which apps have that permission active, and you can enable/disable multiple apps in the same screen. This is a much more efficient setup than going into each app separately, as is required in Android. So kudos to Apple for making that way.
But, as we’ve said, that’s only half of it and can be a laborious process to go through. Fortunately, others have made an easier way to check if an app is truly safe. Zscaler, an online security company have developed the Zscaler Application Profile. Where all you need to do is enter the app name, from either Google or Apple stores, and ZAP will see if it has any information in its database regarding the app. Of course, not all apps have been checked as yet. But the checker also allows you to put the app store page address in. It will then open the app and scan it.
Finally, if you use Android, you may actually already have protection built in. Google have been rolling out something called Google Play Protect for a few months now. As long as you have Play Services v11 or later, Google is automatically scanning your apps for problems and any of them misbehaving. Google claim that the process is always working. But there is some debate on how often Play Protect actually runs a scan. Outward appearances indicate that a scan is run on your device once every 24 hours. So, if you install an app just after the scan, it won’t be checked until the next day.
There’s also no way to manually scan an app, which appears something of an oversight on Google’s part. Yet you can see which apps have been scanned, along with any reports. Go to Settings > Google > Security > Google Play Protect (or Verify Apps”, depending on your device or Android version). It’s not foolproof (yet), but it does show that steps are being taken to keep users safe.
And that can only be a good thing.