
There’s a wealth of software available for Windows, macOS, Android, and iOS—but not all of it has been developed with the best intentions. There are apps out there that have been built to steal your data, corrupt your files, spy on your digital activities, and surreptitiously squeeze money out of you.

The good news is that a few smart questions can steer you away from the shady stuff and toward apps you can trust and rely on. If you’re not sure about a particular piece of software for your phone or computer, running through this simple checklist should help you spot the biggest red flags.

1. How old is the app?

Wherever you’re downloading an app from, there should be a mention of when it was last updated. On the Google Play Store on Android devices, for example, you can tap About this app on any listing to see when it was last updated, and what that update included. On iOS, tap Version History.

Old software that hasn’t been updated in the last year or so isn’t necessarily bad, but be wary of it: It’s less likely to work with the latest version of whatever operating system you’re on, and it’s more likely to have security vulnerabilities that can be exploited by bad actors (because it hasn’t been patched against the latest threats).

Don’t automatically trust brand new software either. An app may have been rushed out to cash in on a trend (whether it’s Wordle clones or ChatGPT extensions), and these types of apps are built to make money rather than offer a good user experience or respect your privacy. It may be worth just waiting until you’ve seen some reviews of the app in question.

[Image: The app info for an Android app on the Google Play store. Caption: Look out for when the last app update was. Credit: David Nield for Popular Science]

2. What are other people saying?

That brings us neatly to user reviews, which can be a handy way of gauging an app’s quality. It’s easy to use the dedicated reviews sections in official app stores to see what other people think of the software, but in other scenarios (like downloading a Windows program from the web) you can do a quick web search for the name of the app.

Be sure to check several reviews rather than just relying on one or two, and look for running themes over isolated incidents (the customer isn’t necessarily always right). See what users are saying about bugs and crashes, for example, and how any requests for support have been handled.

Reviews can be faked of course, even in large numbers. Don’t be too trusting of very short and very positive reviews, or reviews left by people with usernames that are generic or look like they might have been created by a bot. Place most faith in longer, more detailed reviews that sound like they’ve been written by someone who’s actually used the software in question.

3. Can you trust the developer?

It doesn’t hurt to run a background check on the person or company that made the software, and the developer’s name should be shown quite prominently on the app listing or the webpage you’re downloading from. Clearly if it’s a well-known name, like Adobe or Google, it’s a piece of software you can rely on.

If you’re on Android or iOS, you can tap the developer name on an app listing to see other apps from the same developer. If they’ve made several apps that all have high ratings, that’s positive. Developer responses to user reviews are a good sign as well, showing that whoever is behind the software is invested in it.

Checking up on the developer of an app that you’re downloading from the wilds of the web isn’t quite as straightforward, but a quick web search for their name should give you some pointers. Developers without any online or social media presence, for instance, should be treated with caution.

4. How much does it cost?

Pay particular attention to how much an app costs, both in terms of up-front fees and ongoing payments: These details are listed on app pages on Android and iOS, and should be fairly straightforward to find on other platforms too. You don’t want an app that’s going to extort money out of you, but you also need to figure out how the costs of development are being supported.

Like the other questions here, there are no hard and fast rules, but if an app is completely free it’s most likely supported through data collection and advertising—this is true from the biggest names in tech, like Facebook and Google, to the smallest independent developers. Freemium models are common too, where some features might be locked behind a paywall.

If you get as far as installing an app, go through the opening splash screens very carefully, and pay attention to the terms and conditions. Watch out for any free trials you might be signing up for that could be charging your credit card unexpectedly in a month’s time (even if you’ve uninstalled the app).

[Image: The in-app pricing list for Bumble. Caption: Check the app list for any in-app payments. Credit: David Nield for Popular Science]

5. Which permissions does it need?

If you’re installing an app through an official app store, you should see a list of the permissions it requires, such as access to your camera and microphone. You’ll also get prompts on your phone or laptop when these permissions are requested. Be on the lookout for permissions that seem unreasonable or don’t make sense, as they could indicate a piece of software that’s less trustworthy.

Ideally, apps should explain to you why they need the permissions they do. Access to your contacts, for example, can be used to easily share files with friends and family, rather than to pull any personal data from them. It’s not an exact science, but it’s another way of assessing whether or not you want to install a particular program.

You can change app permissions after they’ve been installed, too, and you should check in on these every once in a while because settings may change as developers update their app. We’ve written guides to the process for Windows and macOS, and for Android and iOS. If you do think that a piece of software is reaching further than it should do in terms of permissions, you can block off its access to them rather than removing it.