Mobile apps aren’t cheap to develop and maintain. To cover developement costs and drive profits, app publishers adopt various business models. They might charge a one-time fee for the app, offer an ongoing subscription, or finance the app through advertisements and provide it for free. This last option seems like the best deal for everybody, right? Or is it?

A recent hack of a data broker has revealed that the location data of many users was leaked from applications with ad services. These included games like Candy Crush, dating apps like Tinder, and sensitive apps like pregnancy trackers. Many competing scanning apps were also in the list. The app doesn’t even need to display the ad–the mere presence of the “code” enabling ads can result in data being sent, without the knowledge of the app user.

Someone picking a lock

The Developer’s Responsibility

In 2016, we removed ads from Genius Scan (iOS), and by 2020, we had removed the last banner ad from our Android app. This had a negative financial impact on our business, but this would align our business with our values.

Articles about the recent data leak suggest that this information was likely extracted without many developers’ knowledge. To us, this indicates either negligence or, more likely, a disregard for user privacy. This is particularly troubling for large companies with the resources to scrutinize their integrations.

At the time, we wrote the following, which remains just as true today:

When you include ads in your application, you have to embed a closed-source ad library (or ad framework). As a developer, you can’t see what’s inside, you don’t know what it’s doing, and if something goes wrong, you have no way to fix it. You have to trust it blindly.

Just a few years later, our concerns were validated when malware was uncovered in another scanning app. While the app itself wasn’t ill-intentioned, it included an ad SDK that contained a harmful module.

We were also aware that some ad frameworks could access location data “by default,” requiring developers to explicitly disable this feature:

Even today, if your app needs permission to use the user’s location for some genuine feature, ad frameworks [such as AdMob](https://web.archive.org/web/20170307093035/https://support.google.com/admob/answer/6373176) can hijack it to “better target” their ads, unbeknownst to the developer’s knowledge.

We concluded:

Although it’s the developer’s responsibility to know what they include in their apps, ad companies are never eager to disclose the intricacies of the frameworks they provide or make privacy-invasive functionalities opt-in. Removing ad frameworks is just an obvious step to avoid having a snitch in your app.

If we, as a four-person team at the time, could recognize this, so could other developers. Unfortunately, the industry often turns a blind eye when profits are involved.

Choose Who You Do Business With!

What can you, as a customer, do?

Keep in mind that app developers don’t offer free apps simply to please you. Developing mobile apps requires highly qualified engineers and is far from cheap. If you choose a free app, think carefully about why it’s free. As the saying goes, “If it’s free, you are the product.”

Paying for a subscription may not be ideal, but it aligns the app’s goals with your satisfaction. The upside of the no-ad business model is that developers relying on subscriptions must maintain the app, keep it bug-free, and continuously improve its features to retain customers. On the other hand, many users stick with “free” apps simply because… well, they’re free.

As for us, our business model is simple: we finance our apps through the upselling of premium features via subscriptions. These subscriptions pay for ongoing development costs and support our ten-person team. We hope you stick with us because our products enhance your life, not just because they’re free.