ANDROID ALERT: Delete These Dodgy Apps Now

An Avast security researcher has issued a warning imploring Android owners to remove some 930 Android flashlight apps found in the Google Play Store. On average, each of these apps request 25 separate system permissions for unknown purposes, while some requested more than 70. Time to do some spring cleaning, methinks.

In a blog post entitled Flashlight Apps on Google Play Request Up to 77 Permissions, Avast Security Evangelist Luis Corrons explains why you should probably do away with third-party flashlight apps and stick with Android’s inbuilt offering instead. The reason is the astonishing number of permissions they require to enable installation.

Corrors assessed 937 flashlight Android applications and found that well over half required at least 11 permissions – and usually much more.

“One would think the permissions needed by [flashlight] apps would be limited just to accessing the phone’s flashlight, the internet and access to the lock screen, so the app can turn the flashlight on and off without having to unlock the phone. However, the alarming truth is that the average number of permissions requested by a flashlight app is 25,” Corrons said.

“Some of the permissions requested by the flashlight apps are really hard to explain, like the right to record audio, requested by 77 apps; read contact lists, requested by 180 apps, or even write contacts, which 21 flashlight apps request permission to do.”

Disturbingly, some of the apps required the KILL_BACKGROUND_PROCESSES permission. As Corrons points out, this could potentially be used to kill a security app without the user knowing.

Below are the ten flashlight apps that requested the most permissions. As you can see, while some have only been downloaded a few dozen times, others have managed to amass over a million customers. If you have a flashlight app on your phone right now, there’s a fair chance it’s one of these.

Top 10 apps requesting most permissions

App Name Permissions Count Number of Downloads
Ultra Color Flashlight 77 100,000
Super Bright Flashlight 77 100,000
Flashlight Plus 76 1,000,000
Brightest LED Flashlight — Multi LED & SOS Mode 76 100,000
Fun Flashlight SOS mode & Multi LED 76 100,000
Super Flashlight LED & Morse code 74 1,000,000
FlashLight – Brightest Flash Light 71 1,000,000
Flashlight for Samsung 70 500,000
Flashlight – Brightest LED Light & Call Flash 68 1,000,000
Free Flashlight – Brightest LED, Call Screen 68 500,000

To be fair, just because an app requests a stack of permissions does not make it malicious. But do you really want to place your trust in a ‘FREE!’ flashlight app from an unknown source? As the adage goes, when something is free, you are the product.

Needless to say, you should always check app permissions carefully before hitting the install button. If a simple on/off flashlight application requests 70 permissions – or even half that number – you should definitely look elsewhere. You can read Corrons’ full report at the link below.

[referenced url=”” thumb=”×231.gif” title=”Reminder: Popular Apps Are Never Truly ‘Free’” excerpt=”Users of the newsletter management app have been left outraged after discovering the service was “secretly” mining and selling their data to Uber – specifically, email receipts from rival company Lyft.

On the surface, this seems like a sneaky and underhanded betrayal of user trust. However, the app’s Privacy Policy made it abundantly clear that this sort of thing was a possibility. It’s another reminder that you need to actually read the terms and conditions if you care about privacy.”]



Leave a Reply