Recently, I’ve seen a huge number of people promoting apps on forums. These are apps that they’ve vibe coded themselves, and that they’re trying to monetize. There are so many reasons why you shouldn’t pay for these apps.
Your data is one prompt away from disaster
Vibe coded apps may not be secure
Vibe coding is genuinely impressive. With just a few prompts, and without writing a single line of code yourself, you can get AI chatbots to generate apps that really work. With time and effort, you can refine your app into something that, on the surface at least, does exactly what it’s supposed to do.
If you’ve ever used an AI chatbot for more than about five minutes, however, you’ll know that they can hallucinate. They don’t just get things wrong; sometimes they actively make things up out of the blue. The trouble is, if you’re vibe coding an app with no coding knowledge, you have no idea when this happens.
Vibe coded apps can contain significant security risks, such as plaintext password storage or broken authentication due to flawed code. When you hand the app your payment details and personal data, you’re not just trusting the developer to keep it safe; you’re trusting every hallucinated line of code that the AI model wrote.
Nobody checked the work, including the seller
Closed source means a lack of scrutiny
I see a lot of projects online where the app is quite niche and would only apply to a small subset of people. For example, on the Home Assistant subreddit, there are regular posts from people who have created an app that can do a specific job.
The whole ethos of Home Assistant is that it’s free and open-source, so trying to monetize it is already going against everything that Home Assistant stands for. Usually, when people create projects, they host them on GitHub so that anyone can examine the code and see exactly how they work.
With closed-source apps, however, this isn’t the case. No one else gets to take a look through the code to see if it’s solid or whether it’s a total mess filled with potential security issues. With open source software, people who know how to code can check the work and warn others off if things look bad, but with vibe coded apps, no one has checked the code, and that probably includes the “developer” themselves.
The pitch is usually a warning
Making an app in a weekend is not a selling point
A lot of the time, these vibe coded apps have dead giveaways. They include statements such as “I put this together in a weekend” or “built this solo in under 48 hours.” This isn’t something to be proud of; it’s a clear indication that the app has been built in a rush without adequate care and attention.
Real apps take time to build. If something has been thrown together in a weekend, then it’s highly unlikely that there’s been any proper testing, vulnerability scanning, or edge case hunting. It means that at best the app is likely to break when you try to do anything that the developer hasn’t considered, and at worst, the app could put all your data at risk.
Unfortunately, not every vibe coded app makes things this obvious. Some posts will try to obscure the fact that the app has been built using AI. Vibe coded apps can look polished and professional, so it’s not always easy to tell.
There is often one clue to look out for, however. People who use AI to write apps for them also often use AI to write forum posts for them. If there’s a post promoting an app, and it feels like the post was written using AI, then there’s a reasonable chance that the app was, too.
If they can make it, so can you
Why pay when you can make it yourself?
This is the biggest issue with people trying to sell vibe coded apps. If the developer doesn’t have any coding skills, then they’ve built the entire thing using AI models and some prompts. They then want you to pay them money for what they’ve built.
If they can make the app using AI, however, then so can someone else. If you see an app that looks vibe coded, and someone is trying to sell it to you, you may be able to vibe code your own version of an app that does the same thing.
If you’re relying solely on vibe coding, your app may have the same risks and issues as the one that they’re trying to sell you, but at least you’ll be aware of those risks. Since you’re making it for your own purposes, you may also be able to strip out many of the things that would make the app a security risk. If you’re running an app on your phone or your own computer, for example, you don’t need accounts or servers or databases storing credentials, and don’t necessarily need to send data outside your own home.
In other words, vibe coding your own version of an app may not merely save you from having to pay for it. It could also make it less of a security risk.
Vibe coding has its place
Don’t get me wrong, vibe coding can be very useful. I’ve used it to create simple apps for my own personal use. That’s the whole point; when you can do it yourself, there’s no reason to pay for anyone else’s poorly built app.