In the case of some popular software, not necessarily.
Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app’s developer failed to secure the database’s server.
The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world.
But the server wasn’t protected with a password, allowing anyone to access the company’s database of user records, totaling more than 577 gigabytes of sensitive data.
. . .
Each record contains a basic collected data, including the user’s full name, email addresses, and how many days the app was installed. Each record also included a user’s precise location, including their city and country.
. . .
More complete records also include the device’s IMSI and IMEI number, the device’s make and model, its screen resolution, and the device’s specific Android version.
A large portion of the records also included the user’s phone number and the name of their cell phone provider, and in some cases their IP address and name of their internet provider if connected to Wi-Fi. Many records contain specific details of a user’s public Google profile, including email addresses, dates of birth, genders, and profile photos.
We also found several tables of contact data uploaded from a user’s phone. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers. It’s not clear for what reason the app uploaded email addresses and phone numbers of contacts on users’ phones.
Several tables contained lists of each app installed on a user’s device, such as banking apps and dating apps.
There’s more at the link. It makes for disturbing reading.
This is very worrying for two reasons. The first and most obvious is that the app developer did not password-protect user information, leaving it vulnerable to hacking. The second, more insidious concern is that most users probably did not have any idea of how much information about them and their telephones, contacts, etc. the app was collecting. Privacy? What privacy?
This is by no means the only instance where a ‘free’ app proved to be risky at best. One of the best-known cleanup programs, CCleaner (the free version of which I’ve used myself for a very long time), was recently infected with malware, which downloaded itself to users along with a program update. That affected my computer, too. It took a lot of hard work by a lot of people, and disruption to many users’ computers, to deal with the problem.
Moral of the story: free software isn’t necessarily free of malware, viruses, and bugs. Even paid software isn’t immune. Use at your own risk.