3 red flags you should look for before downloading an app

Do you read an app's terms of service agreement before you click to accept or agree? If you don't, you're not alone. Research has shown that very few people actually take the time to read what an app or website is asking them to agree to even when, in the case of one study, participants unknowingly agreed to give the company at hand their future first-born children. The lengthy documents aren't often designed to be understood, other researchers have concluded. 

"The option of reading through the terms of service or privacy policy is not easy. It's not accessible," said Nader Henein, a senior research director and a fellow of information privacy at Gartner. "If you've had lawyers write up the policy, there's a good chance that someone without a law degree and a good half hour of time to dedicate to it will not be able to decipher exactly what it's asking for." 

But don't worry we're here to help. Here are three red flags to look out for before you hit "agree" on privacy policy to download an app or use a service. 

Red flag No. 1: Complexity 

In legal disputes over privacy policy and terms of service documents, many cases don't make it to litigation because there's no expectation that someone is actually going to read the fine print, Henein said. There's also no expectation that the reader will have the necessary training to understand the policy even if they did read it, he added. 

Apps with complex policies that bury exactly what a person is agreeing to (such as sharing their data with third parties) are disingenuous on the part of the company, and should be avoided, Henein said. 

"If the language is complex, and you read the first paragraph and it makes no sense to the average person, that tells me that the company really hasn't considered people into the equation," Henein said. "You need to be on your guard." 

Red flag No. 2: Implicit agreement

Policies that want an implicit agreement or implicit consent should raise a red flag. This means that you don't actually "give" your consent, but your consent is implied by a certain action or situation. Henein says this would look like terms of service agreement that says "by browsing this webpage you agree to A, B, and C." This type of language isn't enforceable and shouldn't be enforceable, he said.

Red flag No. 3: Data collection and monetization

What a policy agreement says about data collection is another important factor to consider before hitting download, according to Engin Kirda, a professor at Khoury College of Computer Sciences at Northeastern University. Going hand in hand with this is how the app makes money, Kirda said -- particularly if it's free to download. 

Monetizing an app with ads can mean it's providing a better service, but it can also mean that it's profiting from selling your data. But there's a difference between collecting some necessary information to help the app be useful versus collecting lots of information that is sold to third-party advertisers or could potentially be stolen.

Other app warning signs

While it's important to know what's in a policy agreement, there are other red flags you can spot without reading the document, Kirda said. Another major red flag is what permissions an app asks for. For example, a calculator app doesn't need access to your microphone or location. Also, pay attention to whether you can use the app after denying any permissions, he added. Asking for unnecessary permissions can signal nefarious activity like an app having access to your call logs or gathering data from your Wi-Fi connections, for example.