The Real Cost of Free Software

Developing a mobile app can be a costly business. Expectations for mobile app performance have steeply increased in recent years, and it isn’t always cheap or easy to meet those standards. Tools like free crash reporting SDKs can seem like a relief to mobile teams trying to stretch the budget—but sometimes software with no costs upfront can end up being much more expensive than paid alternatives.

‍

In this post, we’ll take a look at what it means for commercial software to be free and examine elements of cost and risk therein. All this doesn’t necessarily mean that free cannot be of benefit when building a mobile app, but before accepting those terms and conditions, it’s important to know how much your company might end up paying for it, and if you’re getting enough in return.

‍

Contents

• Data is the new gold
• Consumer vs. business freeware
• Data privacy and transparency
• Data ownership and third-party usage
• Data security
• Freemium functionality

‍

‍

When a company isn’t charging you a fee for its products, it’s earning its revenue elsewhere. It has been said for decades that “if it’s free, you are the product.” This saying couldn’t be any more true than in the case of commercial freeware. Most people are familiar with the concept of giving a company their data for free digital products or services and do it often. That data is then packaged and delivered to companies willing to pay to understand their consumers. Each data point collected is associated with a monetary value that can be profited on. Such is the case with companies like Meta, which has collected critical data on all its users, and sells that data to third parties that want to gain insights into their buyers. Billions of people have chosen to do so with the Facebook and Instagram applications, and Meta is now worth over half a trillion dollars.

‍

The alternative data industry clearly shows that you don’t need to charge a fee for a product to turn a profit. Companies that collect data from their users can analyze it for business insights, sell the data to brokers, or use it to sell targeted advertising. Meta is now worth twelve figures, but even that doesn’t compare to Alphabet, Google’s parent company. With a net worth of over $1.7 trillion, Google is one of the world’s most valuable brands. Most of Google’s value comes from its advertising platform—the key to its efficacy (and profitability) is the data Google collects from its users across its services.

‍

In today’s world, data builds empires. Companies like Google don’t create “free” software out of kindness. They do it because it makes them wealthy and powerful.

‍

‍

Most people don’t mind giving up some data in exchange for a product or service because they consider it to be a worthwhile transaction. Meta and Google product users and those of companies like them are generally aware that their data is being monetized, and ostensibly read the terms and privacy policies before signing up. For billions of people, this is an acceptable trade that happens every day.

‍

Trading data for freeware can be an easy choice for consumers, but this tradeoff is less simple when it comes to businesses. Products like app performance monitoring and crash reporting tools are necessary to build high-quality apps, and free is an attractive price. But mobile apps face significantly different risk factors and liabilities than everyday consumers. As an app owner, it’s important to know what those potential costs are before choosing a vendor that provides a service for free. We’ll outline those considerations in more detail below.

‍

‍

Data privacy legislation in recent years has increased, most notably with the implementation of the EU’s General Data Protection Regulation (GDPR) in 2018. GDPR compliance is required for all businesses with audience members in the European Union — which includes their websites, apps, and the tools they use. Mobile app owners are responsible for knowing how their SDKs gather, store, and use data. Carefully choosing a GDPR-compliant stack protects your business from liabilities and fines down the road.

‍

Non-GDPR compliant software can be used, but legally requires informing the user of your app’s data collection practices [1] (related: Top Mobile App Consent Management Tools). Google Analytics and Firebase, for example, are tools that are not GDPR-compliant by default. Apps are obligated to notify users about Google Analytics and data tracking in their privacy policies to comply with the GDPR, but even that may not be enough. In January 2022, the Austrian Data Protection Authority ruled that Google Analytics outright violates the GDPR [2], a decision followed weeks later by courts in the Netherlands [3] and France [4][5]. It’s necessary to stay up to date with international data privacy regulations if your mobile app uses any SDKs that collect personal data from the end-user.

‍

In addition, developers have a growing role in determining what the future of digital privacy looks like. Developers choose the tools that are used to build mobile apps and decide how much personal data apps collect. When companies choose to use products like Firebase for free in exchange for their user’s data, they give it an increasing amount of voyeuristic insight into the private lives of millions of people. It has already been shown that anonymized data can be used to identify real people [6] and that the companies that collect this data don’t necessarily care about respecting privacy—even now, Google faces a $5 billion privacy lawsuit filed by consumers [7]. Developers who do not want to see internet privacy slip away have the ability to make choices that protect their users, who are increasingly showing that privacy is important to them.

‍

‍

We’ve discussed above how data can be sold or mined for profit, and how this motivates companies to offer valuable services for free. Large companies like Google share data between the products on their platform to enhance product development and enhance insights; however, they’re not always transparent about how that data is used. For example, Firebase’s privacy policy is lacking in details regarding data sharing, particularly regarding its use by non-Firebase Google services [8]. It also states that Firebase Service data will continue to be used for other purposes even if users disable this setting, but is vague about how.

‍

Your app should have ownership of its data, not to be accessed by, shared with, or sold to third parties. Just as there are risks inherent in collecting and processing personal data, conversely, there are opportunities in establishing privacy as a core value of your brand [9]. End-users increasingly expect businesses to keep their personal data to themselves—and digital privacy ultimately factors into a brand’s perception and value [10].

‍

‍

No one likes a data breach—they’re financial disasters for companies and privacy nightmares for their customers. Increasing privacy awareness among the public has raised security expectations, and breaches are becoming more costly. In 2021, the cost of a security breach amounted to $4.24 million per incident on average [11]. The easiest way to avoid exposing sensitive data is to avoid collecting it.

‍

When installing and using cost-free SDKs that collect personal user data, caution is necessary. Data breaches frequently happen without the involvement of malicious actors and are more commonly associated with well-known software products than one might expect. In September 2021, 14 of the top apps in the Google Play store were found to be leaking sensitive user data collected by Firebase, exposing a potential 140 million people [12]. The cause: installation misconfiguration, which allowed anyone with the right URL to access their databases and all the user information stored in them. That data included users’ names, email addresses, usernames, private messages, and more, all available to anyone without authentication. This incident, which received no response from Google, showed that it’s relatively easy to misconfigure Firebase and accidentally leak sensitive data.

‍

The way your data is stored and accessed also factors heavily into its security. There are typically key differences between the ways free and paid software vendors host data due to cost and security considerations. Major cloud providers invest heavily in security, yet moderate to high concern about multi-tenant clouds remains among 93% of security professionals [13]. Large enterprises or mobile apps that handle sensitive data are encouraged and sometimes legally required to use single-tenant storage solutions to comply with privacy and security regulations.

‍

‍

So how about freemium products that profit from premium subscriptions rather than data collection? Freemium certainly has its place—it’s a way for companies to get a good product for free, but free versions are limited in functionality by design. The end goal of the vendor is to entice users into buying the premium version, which means that the free versions lack some of the functionality that gives the product value. Products like free crash reporting SDKs, for example, don’t provide valuable insights like OOMs, ANRs, repro steps, or detailed logs. Mobile app quality directly impacts business revenue, with even 1-second delays costing as much as $0.08 per user [14]. App quality is most efficiently addressed by using software that gives full visibility into performance issues.

‍

Time and effort are also costs that are often overlooked with “free” software, and can ultimately be measured in real dollars. Many free software products lack the features and integrations that help developers automate tasks, identify and triage issues, and prioritize fixes. At Instabug, we frequently speak with companies that dedicate numerous hours from talented developers to simple tasks like logging crashes manually or assigning JIRA tickets to the right squad. Premium features such as diverse third-party integrations and code ownership free up time and money for more productive endeavors.

‍

‍

With all this being said, free software isn’t always a no-go. Your tools should be evaluated on a case-by-case basis to ensure that they’re the safest choice for both your company and your app’s users. Analytics software, for instance, isn’t inherently anti-privacy, even if it’s free. Price-conscious developers have several open-source, privacy-oriented alternatives available [15], and the list is expanding.

‍

It's clear that digital privacy regulations are evolving rapidly, and we can expect more data privacy legislation to emerge in the coming years. As consumer and legislative expectations grow, companies will have increasing responsibilities to limit data collection and increase security measures. Developers can stay ahead of the curve by selecting services that prioritize privacy and security practices. Their users will thank them for not subsidizing app development costs with their privacy.

‍

Free can sometimes be a good place for companies to start, but keep in mind that the cost of free increases when you scale and your user base, workload, and the amount of data you collect increase. The real best price for software factors in considerations like time costs, functionality, regulatory compliance, privacy, security, and brand image—some of which come with higher initial price points but end up delivering far greater overall value to both companies and their customers alike.

‍