Is Free Software Worth the Risk? We Asked the Experts

Before I started writing this feature, I counted the apps on my phone. I have fifty-six, and I’ll admit I never use some. I haven’t paid for any of them. Even as someone who should know better, I hadn’t perused any of the reviews of these apps before I hit the download button, just hoping there would be no implications for me as I ticked the T&Cs box without reading anything. And I am not alone.

After all, finding an app that fits your needs can be overwhelming and time-consuming, so many of us skip due diligence because of time constraints (and perhaps impatience).

The app business is staggeringly huge. As of June 2025, Apple’s App Store alone has 1.8 million apps, and Google Play mirrors this number. Apps are just one form of software we all deploy daily. But are they really safe?

Key Takeaways

  • Free software often comes at the hidden cost of privacy, as developers recoup expenses by harvesting and monetizing user data.
  • Dark patterns and complex terms and conditions (T&Cs) are used to manipulate or confuse users into agreeing to practices they may not understand or want.
  • Malicious apps – sometimes masquerading as trusted brands – can bypass official store protections and pose significant risks, such as spyware or malware.
  • Free apps and software frequently lack robust customer support and timely security updates, which increases users’ vulnerability.
  • Some free tools compromise quality, offer misleading content, or bombard users with intrusive ads that degrade user experience and performance.
  • Protecting children (and yourself) requires awareness, open conversations, and proactive research before downloading apps, no matter how harmless they seem.

The Problem With T&Cs: Complexity, Dark Patterns & Consumer Confusion

James Bore, Managing Director and Principal Consultant at Bores Group, said that companies make T&Cs purposefully complex to confuse consumers.

He told Techopedia:

“This isn’t the fault of consumers for not reading; it’s the fault of the companies writing privacy policies and the lack of enforcement of requirements to have them in plain, transparent language by regulators. Google’s, from my last check, is 10,000 words long – which is nearly an hour’s read at the average reading speed.”

Nader Henein, a Fellow of Information Privacy and Research VP for Data Protection and AI Governance at Gartner, said that at the extreme end of this are software and app developers using “dark patterns.”

These deceptive patterns are “tricks used in websites and apps that make you do things that you didn’t mean to, like buying or signing up for something,” explained action group darkpatterns.org.

Henein said:

“The subject of dark patterns has been highlighted by many regulators on either side of the Atlantic over the past two years as the use of dark patterns has escalated.”

Consumers don’t stand a chance against this unless they are among the few to know about these tactics.

So, what is the solution? The simple rule is not to sign anything you don’t understand, and specifically to look for things you might not like, including what data is being collected. However, this might be a challenging task. You can also use the Terms of Service; Didn’t Read (TOSDR) browser add-on for websites, but this won’t cover apps downloaded from app stores.

So, what can you really do while downloading free apps?

Malicious Software

Reading reviews is advisable, as software offerings and apps that have low ratings might be buggy or even dangerous.

Sometimes, apps purportedly from huge tech ventures like Spotify and Facebook are listed but with very few reviews or downloads. This could be because they are not genuine and are only there to entrap.

The big app store owners have done some of the work for you and do have stringent certification schemes in place. Microsoft, for example, carries out a three-pronged test consisting of a security test for viruses and malware, a technical compliance test, and a content compliance test.

Android users can deploy Google Play Protect if they want an extra layer of protection, as this automatically scans all Android apps, gets rid of apps that haven’t been used for years, and also blocks the installation of harmful apps. But some malicious apps do slip through.

Bore warned:

“There are malicious apps in app stores, though security measures exist to try and prevent them, and they aren’t common. The biggest risk is downloading free apps from sources other than the official stores unless you know where you’re getting them from. Many of the ‘free’ stores have versions with malware injected.”

  • If you have to stray from the reputable app stores, download the app you need directly from the official website for that product (whether software, e-commerce, etc.). The same goes for software.
  • Ensure your device is protected by a researched and reliable antivirus package, and stay wary.
  • If you have downloaded anything that you were unsure about, keep an eye out for your battery draining faster than usual or your device freezing, as these could be signs that your new software came loaded with spyware.

Software That Mines Your Data

PC World was spot on when it declared: “When you don’t pay for the product, you are the product.”

If you do not pay anything for software, the developer will be recovering its costs by collecting your data. This could be the data you hand over when you register, through various permissions, or via cookies tracking data on your habits.

Developers can monetize all of this data. As Henein explained to Techopedia:

“Free apps, for example, are rarely run by benevolent societies. They have to generate revenue either by having in-app purchases (as is with most games) or through advertising.”

He continued:

“The latter (advertising) requires a lot of information to precisely target each ad served, thereby generating as much revenue per ad. Targeted advertising requires a lot of data, which is why free apps tend to collect a lot of data. Paid-for / subscription-based apps tend to collect data as well, but their motivation has less to do with advertising and more to do with providing a better service and improving user retention.”

This data could include your name, age, location, address, email, and where you work, but also more sensitive data like medical data or financial information, depending on the nature of the software.

Indeed, most SaaS offerings will be storing some data from you. Generative AI tool ChatGPT, for example, will store your device data, usage data, user content (what you used in your prompts), and log data (including your IP address) and this is passed on to the parent company, OpenAI, for analysis. Users can opt out of allowing the chatbot to be trained on their conversations, but some data will always be stored.

Social media platforms like Facebook and Instagram are openly mining data and make it very tricky for you to opt out. According to telemetry venture Edge Delta, Facebook generates about four petabytes (PB) of data daily. Facebook has a policy that users can read through, and it isn’t difficult to decode.

However, it does say that if you want to protect certain information, you must stipulate this. After the Cambridge Analytica Scandal, which impacted 87 million people, users suddenly woke up to the sheer volume of data that social media platforms were harvesting, but we have perhaps fallen back into indifference.

Also, these companies will never stop gathering some information, whatever boxes you tick. It is terrifying to think that you are then losing control of this data once it is shared, and so many of us remain blithely unaware of precisely what has been stored and where.

What Can Happen to Your Data?

Once it’s collected, you, the owner of the data, have no control over how and where it is used. Data brokers could trade it, and for some unlucky consumers, it could fall into the hands of the wrong people.

This could be a hostile foreign power. The wrangle between the US Government and Chinese-owned TikTok is being fought over the allegation that US users’ data has been sent to China, where it is not ring-fenced from the government there. Russian-owned antivirus company, Kaspersky, has been forced to shut down its US operations for this very reason, as the US Government claimed its national security was at stake.

In 2023, owners of two apps in the Google Play Store got a shock when they discovered both were hosting Chinese spyware. The File Recovery and Data Recovery app and the File Manager app, which had more than one million downloads between them, were harvesting information, including contact lists, real-time user locations, device brand and model, and even media compiled in the application.

Whether cybercriminals are state-sponsored or not, the implications can be significant, ranging from financial losses to the potential for extortion.

If you are an iOS user, the Apple App Store does have privacy labels on apps to explain how your data will be handled. This means you are prepared for when the app starts bombarding you with permission requests. These can be for everything from your microphone to your location data, so be careful and apply logic.

As Henein said:

“Users must pay attention to proportionality. The service the software provides needs to justify the data requested. A weather app may request access to location data when the app is active to provide accurate weather guidance, but should not have access to the user’s address book; it’s simply not needed given the service in question.”

Software With Vulnerabilities

Money management app creator, Banktivity, said that with the pressure to get software live, there is the danger that developers have “cut corners” – and “this can result in security vulnerabilities creeping in… putting your personal data at risk.”

The statistics are pretty eye-opening. According to US application security outfit Veracode, more than 75% of applications have at least one flaw. The US Government’s National Vulnerability Database recorded that the number of disclosed vulnerabilities reached 39,982 in 2024, exceeding the count from the previous year by more than 10,500.

Avalanche of Ads

There is plenty of free software that does not necessarily leave users vulnerable to cybercriminals. But just because software is verified and has positive reviews, it doesn’t mean that it is problem-free.

Embedded in those T&Cs that the majority of us don’t read are things that we won’t like, including agreements to be served endless ads.

Ads are another way for the app developer to get their money’s worth from customers who have downloaded the app for free. Besides being annoying, these ads slow down our devices’ performance and are a way for the app creator to collect data on users, which they can monetize. This then brings us back full circle to the dangers of data collection.

Lack of Support

If things do go wrong, the majority of free software providers will offer little, if any, support. This is a huge issue for antivirus packages. You might be pointed to a forum or information page, but it is unlikely that you’ll get access to live help.

It also means that you might miss out on the all-important updates. Antivirus firms are using artificial intelligence (AI) to track the ever-changing threats and issue constant updates to reflect this. As a free user, you might not get these updates, and therefore, you will be vulnerable.

If you are using the software for personal reasons, this might not be a huge problem, but if you are an enterprise client, the impact of a software issue could be fiscal.

Advice to Parents (…Actually Advice for Everyone)

We can all admit that we sometimes neglect reading T&Cs and reviews, but have we talked to our children about the dangers of not doing this due diligence? So many children now have laptops and smartphones that allow them to download software just like we do.

Bore says protecting them is all about education. He told Techopedia:

“Various parental control tools and apps exist, and they are worth looking at. If you are going to use them, then ensure that you have an open conversation with your children about why, the dangers of apps and software, and what the boundaries are.”

He added:

“Children are very good at evading parental control software if they do not understand the reason for it or feel it is overbearing.”

But we can’t educate our children if we are oblivious to the potential pitfalls of downloading a free piece of software without research.

Yes, it is time-consuming, but it is surely worth it considering the nature of the data we might be sharing or the time it takes to deal with a malware attack.

It is a case of arming yourself with information and making an educated decision before you hit download, however appealing the word “free” is.

The Bottom Line

Free software can save you money upfront, but it can cost you your privacy, security, and peace of mind.

Always research before downloading, read the permissions and reviews, and remember – if you’re not paying for the product, you might be the product.

Katie Scott
Industry Expert

Katie has been a journalist for more than twenty years. After graduating from Oxford University, her career began at the world's oldest photography magazine. She moved into the world of gadgets before becoming News Editor on Wired.co.uk. Her last interview there was with David Attenborough whilst drinking tea in Kew Gardens. A stint in Hong Kong followed where she profiled the startup scene in 25 Asian cities for Cathay Pacific’s inflight magazine. Now back in the UK, she writes for a spread of titles including Breathe, Happiful and Stylist, as well as tackling everything from FinTech innovation to cultural heritage…
