I'm part cynic, so the cliché, "There ain’t no such thing as a free lunch," comes to mind every time I contemplate downloading a free application.

So, if there really is no such thing as a "free lunch," what’s at stake when someone installs a free smartphone app? It seems the answer is our personal data - the very thing government agencies around the world are compiling into their monster databases. But while they prefer to rely on secrecy, businesses and advertisers take a different approach, relying instead on the the age-old system of barter. There's only one problem: Most people do not realize there’s a swap taking place.

I have dear friends who are stomping mad at the NSA spying revealed by Edward Snowden in 2013, yet they’re all giddy when they tell me about their latest free downloaded app. They seem oblivious to the rolling advertising at the bottom of the screen, and unaware that by installing the free app, they are more than likely giving the developer permission to capture their personal data.

One example in tech news (under FTC investigation) is a free smartphone flashlight app - the kind that allows a user to manually turn on a camera’s flash LED. This is a cool idea and simple enough, yet a mystery as to why the application needs access to device functions, especially your GPS.

Then again, it may not be so mysterious when you consider that more than one million people have downloaded this particular flashlight application. Physical locations and any other data grabbed from that many mobile devices create quite a database of information - one that advertising firms would love to get their hands on. (Want to stay on top of the privacy debate? Check out the Top Twitter Influencers to Follow.)

Advertisers and Apps

So why do advertisers and marketing firms need to know about the owner of a device? To better serve them, of course. But that's advertiser speak. What it really amounts to is selling more by delivering more relevant advertising. For example, an AARP ad would mean a lot more to a retiree than it would to someone 40 years younger.

To accomplish targeted advertising on smartphones, marketing firms need to know a great deal about the person who owns each one. The following example shows one way this is accomplished:

  • A developer creates a smartphone app, knowing no one will pay for it outright.
  • To cover expenses and make a living, the developer contacts his or her advertising partner.
  • The advertiser loves the app’s potential (remember the million downloads for the flashlight app) and signs a deal with the developer, trading user information for cash.
To be fair, there are some benefits to personalized advertising, particularly when an app is smart enough to offer a half-price coupon for the restaurant where you happen to be eating. But there's a downside too.

Privacy Problems

I know privacy pundits who adamantly oppose anything that involves giving up personal information. There is no way they would install a mobile app that captures so much information. Why? For them, it comes down to lack of transparency. For instance, how are users to know whether app developers and advertisers are abiding by their privacy policies?

Actually, that's a good question. Just try reading a privacy policy or app end-user license agreement (EULA). The documents are verbose and chock full of legalese. And they're long. Really long. For example, the privacy policy and EULA assigned to the flashlight app being investigated by the FTC topped out at almost 3,000 words.

There is also a significant amount of academic research referencing the privacy implications of targeted advertising. A paper published in 2013 by researchers at Queens University in Belfast entitled "Same Issues, New Devices: Is Smartphone App Privacy Groundhog Day for Regulators?" addresses the subject head-on.

"Currently smartphone apps are posing a privacy risk of which users are largely unaware. Personal information can be accessed when app permissions make requests to use phone functions that are unnecessary for the operation of the app," according to the paper's abstract.

Sounds familiar, but there’s more:

"These can include access to users' contact lists, emails, and calendars and are sought by advertising networks, rather than the app developer. They can then surreptitiously gather personal user data to serve targeted advertising, but also to sell to other advertising networks and online businesses."

Users Aren't In Agreement

To get a better idea as to where users stand on this issue, I talked to Dr. Aleecia McDonald, a renowned privacy expert and Director of Privacy at Stanford Law School.

McDonald said she uncovered three distinct groups, each with a markedly different opinion on privacy, versus targeted advertising. The first group, which accounted for about 20 percent of those in the study, wanted the benefits of targeted advertising.

"They want ads that are relevant to them. In fact, the people were quite eager," McDonald said. "However, when asked, they did not seem to understand the privacy implications, and mistakenly felt their privacy is protected by laws that do not exist.

"On the other side, 20 percent of study participants were very concerned with privacy. They recoiled from the idea of their data going out to advertisers."

As for the final 60 percent of respondents in the study, McDonald says,

"I think of them as the swing voters of targeted advertising. What we heard was, 'Why would I want better ads when ads are something I ignore?' This group does not see any benefit of giving advertisers their data."

Privacy Options

If free smartphone apps aren't free, what other options are there? The truth is that there are precious few options available. Installing the paid version of an app will save you from targeted advertising, but data collection may still be allowed. Until something changes, you'll have to read the EULA and privacy documents to be sure. And remember, even free apps come at a price.