I have to question whether some security apps are in fact secure themselves. So called free apps are not truly free at all. They either have ads, or sell information about you to various companies and corporations. Nothing is free. The businesses and people that create apps spend a lot of time doing so, thus they need to get compensated somehow.
This leaves me to wonder if some of these free security apps are truly free? They might be great at preventing viruses, malware and other security risks from other evil doers. But who is watching over them? Are they selling our information/data to corporations? Something to think about
It depends on the application. Privacy and terms of services should show if your data is being sold to a 3rd party vendor. Free apps work in multiple ways.
1. Advertisements - Can be a source of revenue with appropriate contractors.
2. Exposure - People like "free" stuff, having a free version of the product increases chances of people using the application and potentially buying it.
3. The app is open source. Which means there is no consistent development team, just a couple people doing this at their free time/ for fun or if the donations are good enough, for profit.
These are the main approaches. Other means of free applications are either malware developers trying to gain access to users, or companies trying to steal data. Nothing is free as you said, but it depends on the concept and the end goal of the application to determine its degree of "free".