Claim: Your flashlight app is stealing your personal data and sending it to cybercriminals.
Examples: [Collected via e-mail, September 2014]
I just read an alarming warning about flashlight apps for Android. As both I and my daughters have these apps, I was looking to see if this report is accurate.
Heard a gentleman talk about flashlight apps sending your information to foreign governments in China and Russia and India. Once installed they can spy on your activities. Is there any truth to this? It was on Fox News.
Origins: On 1 October 2014, cybersecurity company SnoopWall released a "threat assessment report" discussing flashlight apps for Android devices and security threats they may pose. Although the report was released to the accompaniment
It is indeed the case that a number of flashlight apps can and do request access to permissions and data on users' cell phones that seemingly has nothing to do with the ordinary functioning of the app, and that such permissions could theoretically enable criminals to obtain sensitive personal information from cell phone users. However:
- Having a flashlight app on your cell phone does not necessarily mean someone is stealing your personal data. (Realistically, any kind of app could be exploited for this purpose.)
- Just because an app requests permissions it may not need does not mean the app is being used for nefarious purposes. (Many, many apps request more permissions than they seemingly need.)
- Nothing about a flashlight app makes it inherently more susceptible to criminal exploitation. (Flashlight apps just happen to be one of the most common cell phone apps.)
According to Appthority's president, Domingo Guerra, Flashlight is designed to do location tracking, read my calendar, use my camera, gain access to unique numbers that identify my phone, and then share data with a number of ad networks, including Google’s AdMob, iAd, and JumpTap. It may not actually be doing all of these
On my phone, several apps want access to information they probably shouldn't, and odds are, that's the case with your phone, too. The lesson here is that when it comes to mobile software, there’s really no such thing as a free app.
All in all, as the Guardian noted, "developers are often asking for far greater power over a user's device, in order to collect data and sell it on to marketers and ad networks. It's the latest reminder that if you're not paying for an app, its business model may well involve selling your data." Or, as Jeff Werner of the Northwest Florida Daily News observed:
One flashlight app developer, Goldenshores Technologies (makers of the "Brightest Flashlight" app for Android), settled a complaint with the FTC in 2014 over their collecting location data and unique device IDs from users' devices and sharing that data with advertisers. So when it comes to apps — even "free ones" — caveat emptor.
Last updated: 25 June 2015
Davis, Gary. "Flashlight App Steals Data, Leaves Users in Dark." McAfee Blog Central. 9 December 2013. Fox-Brewster, Tom. "Check the Permissions: Android Flashlight Apps Criticised Over Privacy." The Guardian. 3 October 2014. Hayes, Jessica. "Smartphone Apps Could Spy on Users." WISH-TV [Indianapolis]. 23 October 2014. McMillan, Robert. "The Hidden Privacy Threat of ... Flashlight Apps?" Wired. 21 October 2014. Werner, Jeff. "Flashlight App Malware Could Be More Prevalent Than Originally Thought." Northwest Florida Daily News. 30 January 2015.