How do you know if an app is secure and protects your privacy?

So when you need an app… like a stopwatch or something, and you go to the Google Play Store.
How do you know which app is secure and protects your privacy and which does not?

I need some guidelines for this.

Do you mean “secure” as in malware or virus security, or do you mean “privacy” respecting?

Privacy-wise, I would not use the Google Play Store, but if you need those apps, use AuroraStore for free apps. In Aurora you can see the trackers of most apps. Trackers can break your privacy.
Trackers and apps can detect your real location even when you’re using a VPN based on your Wi-Fi router location or if the satellite location tracking is enabled.

This may be of interest to you: Is it safe to install a "companion app" with a Firefox extension? - #21 by exaCORE

Basically, choose reputable, open source, and actively maintained applications. Make sure to research apps before you download. F-Droid can also be a good resource to find new apps, but always do your research.

DivestOS also has a list of recommended apps you could look at: Recommended Apps - DivestOS Mobile


With that example I’d just use the clock app that comes with Android.

I try to minimize the number of apps I actually use. I look to see if they’ve got a GitHub repo first, and how active the source repo is vs. the number of contributors.

If it is an application where strong cryptography is required for protecting communications, e.g. an instant messenger, then I would look for professional audits.


I would also like to know if you guys have an exhaustive list of perfect security and privacy metrics for apps, Android, etc.

For Android (open source apps only):

  • As few permissions as possible, and make sure it doesn’t use permissions it doesn’t make any use of. (1)

  • Doesn’t contain any trackers (1)

  • Reproducible builds

(1) Both can be checked by scanning apps using εxodus

Please refer to Label products which use Google Firebase or other Google dependencies - #30 by dngray

It’s entirely possible to do tracking server side and have “no trackers” in the application, i.e. Facebook.

We mention this in the [Warning] admonition on this page.

Even websites like Exodus that simply look at the imports can’t be relied upon.
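
As an added example (not written by any poster in this thread, and not εxodus's own code): for an open source app, the permission and dependency checks discussed above can be run against the repository's AndroidManifest.xml and Gradle file before installing. The sample manifest, Gradle snippet, version numbers, expected-permission set and the short tracker prefix list are constructed assumptions; as the last post notes, an empty tracker list does not rule out server-side tracking, which is why the INTERNET permission is reported separately.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a short illustrative list of Maven coordinates, not the εxodus signature set.
TRACKER_PREFIXES = (
    "com.google.firebase:firebase-analytics",
    "com.google.android.gms:play-services-ads",
    "com.facebook.android:facebook-android-sdk",
)

# Constructed sample inputs for a hypothetical stopwatch app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.stopwatch">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Stopwatch"/>
</manifest>"""

SAMPLE_GRADLE = """dependencies {
    implementation 'androidx.core:core-ktx:1.0.0'
    implementation "com.google.firebase:firebase-analytics:1.0.0"
}"""

def declared_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NS + "name") for el in root.iter() if el.tag in tags)
    return {n for n in names if n}

def tracker_dependencies(gradle_text):
    """Return group:artifact coordinates that match a known tracker prefix."""
    coords = re.findall(r"""['"]([\w.\-]+:[\w.\-]+)(?::[^'"]*)?['"]""", gradle_text)
    return sorted(c for c in coords if c.startswith(TRACKER_PREFIXES))

def audit(manifest_xml, gradle_text, expected_permissions):
    perms = declared_permissions(manifest_xml)
    return {
        "unexpected_permissions": sorted(perms - set(expected_permissions)),
        "tracker_dependencies": tracker_dependencies(gradle_text),
        # With network access, a clean dependency list says nothing about
        # what the app's own server records.
        "can_phone_home": "android.permission.INTERNET" in perms,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, SAMPLE_GRADLE, {"android.permission.VIBRATE"}))
```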