Do We Trust 3rd Party Apps Too Much?

The other day I installed Sparrow, a GMail desktop client for Mac (review on that soon). Without thinking anything of it, I put in my username and password. When it told me I had the wrong username and password, even though I did not, I started to get a little worried (turns out it’s because I didn’t have IMAP enabled in GMail). You see, I was willing to give this brand new software a try without knowing anything about the developers or the software, except that it looked cool, and I willingly gave the username and password to my primary email account of the last 6 years. That got me thinking about how many of us just trust 3rd party applications.

How many times have you downloaded an application that added functionality to your Facebook, Twitter, Google, Flickr, or any website account you have? It could be a desktop or mobile application, for example. We’ll install it, not reading the End User License Agreement because it’s long and mostly legal jargon, and just agree to it. Then most of those apps will prompt you for your username and password for that particular service (Facebook, Google, etc) and we will gleefully give it, excited to try out this shiny new software without even thinking that it could be a scam to get our information.

I’ve done this tons of times- Sparrow, Tweetdeck, Foursquare, Appbrain (for what I use every day), and tons of apps I just download to try, but don’t keep. It wasn’t until Sparrow threw an error that I even gave this a second thought. Luckily all of the named apps are great apps that did not steal my info, but it would be fairly easy for some unscrupulous developer to do so. So what can you do to prevent this?

• Think before you login. Most of our services (Facebook, Twitter, Google) now have some form of authentication where you don’t need to give the 3rd party app your username and password. It should be the case most of the time that you click a button and go to the service’s website and verify the 3rd party app (but this is not necessarily true of all apps).
• Look for reviews on the app. Want to try out an app, but not sure about it? Look for reviews from people who have tried it. Some good, credible websites for software review include LifeHacker and AppStorm. See what they have to say about the applications. Doing a Twitter search for the app name is also a good idea.
• Research the developers. See what kind of track record the software makers have. If they have a set of apps that have been around a while, chances are they are legit. If they are newcomers, see what their online presence is like. Do they have a blog, Facebook, Twitter? Try to find something that will gain your trust.
• Use a temp password or account. If you really want to try the software but haven’t seen anything about the developer that gains your trust, change your password to something you’ve never used before (nor plan to use) and login with that, or create a temporary account just for the purpose of first testing 3rd party apps. Either way, you’re not putting your password in jeopardy.

99.9% of the time these 3rd party applications are not going to steal your information. Maybe it’s unfair of me to mention specific apps that I use in this article when all of them are trustworthy. The overall point is that we are very open with our information- we’ll share a password with a 3rd party app without thinking twice. As a couple of my friends on Twitter said, you can never be too paranoid about data security and sharing passwords.