8 tips to protect you and your iPhone from shady apps

Apple’s App Store is filled with millions of apps that range from useful to just plain fun. And unlike other app stores out there, the iOS App Store is fairly free of malware and other maliciously inclined apps. With that being said, there are still plenty of shady apps on the App Store that you should probably avoid.

Related:

• Protect Yourself Against These Common Apple-Related Scams (Checklist Included)
• Get Rid Of Safari Pop-Up Scams
• Use a security key on your iPhone (and why you should)
• How to fix when Safari gets redirected to Bing on your MacBook

The problem is, of course, that it can be hard to tell a decent app from a less-than-stellar one. But here are some tips to help you weed through the shady apps and avoid installing them on your own devices.

Take a look at reviews and ratings

The ratings and reviews of an app are an excellent resource for you to determine whether or not it’s reputable (or even worth a download). Apps with poor user reviews and a low star rating are probably not worth your download.

But you should also beware apps that have no star ratings or reviews. While this doesn’t automatically paint the app as a bad one, it does suggest that it’s either new or not very popular. Because of that, you won’t have other user experiences to rely on when deciding whether or not to download it.

On the flip side, there’s always the chance that reviews can be faked or paid-for. If all of the reviews sound suspiciously the same and carry a five-star rating, that may also be a cause for concern.

Be aware of app limitations

The way iOS is designed results in apps being “sandboxed,” which essentially means that they’re unable to access most system features, as well as the capabilities of other apps and services unless you explicitly grant permission.

As a result of that sandboxing, apps that claim to be able to “clear RAM,” “boost battery life” or “defragment” your device’s drive are mostly bogus. You should really steer clear of any app that claims to do anything related to maintenance or utility.

This also goes for antivirus or anti-malware apps, since these types of systems often require deep access. iOS and iPadOS don’t really suffer from malware, so apps that claim to protect your device probably have ulterior motives. And, at the very least, these apps probably aren’t doing much for your security anyway.

Keep an eye on data requests

As we mentioned earlier, all third-party iOS apps need to specifically request access to use system features such as Location Services, Bluetooth, Wi-Fi, and the camera and microphone. Asking to request this features is pretty normal, and you probably don’t give it a second thought.

• 13 settings you should change in iOS 13 or iPadOS

But you should definitely be vigilant for apps that request access to too many things, or system settings that they don’t seem to use for a user-facing feature.

There isn’t any reason an App Store game needs access to your camera and microphone, for example. If a utility app is asking for your Location Services, Bluetooth and Wi-Fi, you should also give it a second thought.

Don’t believe unlikely claims

Your iPhone or iPad comes with a set of impressive features that Apple expands regularly. But there are, of course, many things that your iPhone isn’t capable of doing. It’s best to be aware of these limits and keep an eye out for apps that claim to add them.

An app can’t turn your iPhone into a thermal camera, and the fingerprint sensor on an iPhone cannot be converted into a heart rate sensor. Any app that claims to offer these features is lying — and likely has something else nefarious up its sleeve.

Just like with utility, maintenance, and antivirus apps, if it sounds too good to be true, it probably is. While common sense kicks in for many users, you may want to let younger users or the less technologically inclined know about these sketchy apps.

Look out for in-app purchases

Many apps have some type of in-app purchase or recurring subscription, particularly if they offer specific services or if the app doesn’t have advertisements. Normally, in-app subscriptions are perfectly legitimate — but you should be aware of them.

There have been examples of apps trying to trick users into purchasing a subscription or making a single in-app purchase in the past. While Apple has cracked down on these apps, it’s certainly possible for them to slip through and reach the App Store.

• How to Unsubscribe from an app on your iPhone or iPad

Be aware of any payment prompts. When it comes to free trials, make sure you know how to cancel them before you’ll be charged. If you see anything suspicious going on, delete the app and report it to Apple.

Beware inter-app connections

You can reach a point when using iOS when many of your apps connect to each other. You can link ride-sharing apps with your social media profiles, and Calendar apps with your to-do lists. For the most part, this is all well and good. But there’s always the chance that a bad actor can abuse these connections.

That’s particularly true for apps that purport to boost your social media follower count or allow you to see who unfollowed you. For the most part, these apps are either illegitimate or they don’t work due to API restrictions. As such, you’re better off avoiding them.

In the worst-case scenarios, these apps can introduce malware on your devices or hijack your social media profiles to post content without your consent. Even in the best case scenarios, they’re probably harvesting your data for ad targeting purposes.

Steer clear of non-App Store apps

Until now, we’ve been talking about avoiding shady or unscrupulous apps on the App Store. But there are other ways for third-party app makers to get software onto your devices, including by abusing mobile device management (MDM) certificates.

This has happened in the past, most notably by “research” apps created by Facebook and Google that really just spied on their users. But although those apps weren’t malicious in the strictest sense of the word, getting malware onto your iPhone via configuration profile is a very real possibility.

Our recommendation is to never allow any app, website or service to install a configuration profile (or just “profile”) onto your devices. Technically savvy users can actually take advantage of profiles to unlock functionality. But if you’re unfamiliar with how they work, avoid them like the plague.

Do your research

At the end of the day, the security of your devices and data largely comes down to you. If you take these things seriously, you should do your own research and evaluate each app you download on a case-by-case basis.

Just because an app is popular doesn’t mean that it’s safe. There’s always the potential for sketchy things to be going on in the background.

We recommend researching the developer or producer of an app to see if they are, in fact, legitimate themselves. Check other forums, like Reddit or Twitter, to see what other users have to say about it. And if you are at all unsure, just don’t download the app.

We hope that you liked some of these tips to help protect your device from shady apps. Please let us know if you have any questions or tips that you can share.

Mike Peterson( Senior Writer )

Mike is a freelance journalist from San Diego, California.

While he primarily covers Apple and consumer technology, he has past experience writing about public safety, local government, and education for a variety of publications.

He’s worn quite a few hats in the journalism field, including writer, editor, and news designer.