Technology: Startling investigation finds that simple flashlight apps on Android request up to 77 permissions - PressFrom - US
  •   
  •   
  •   

TechnologyStartling investigation finds that simple flashlight apps on Android request up to 77 permissions

23:35  11 september  2019
23:35  11 september  2019 Source:   bgr.com

All the cool things you can do on your phone's lock screen

All the cool things you can do on your phone's lock screen Unlock some hidden shortcuts. 

Even though a flashlight capability is now native to the latest smartphones, if you search long enough you can still find hundreds of flashlight apps on the Google Play Store. Apps like Ultra Color Flashlight, Flashlight Plus, Brightest LED Flashlight — Multi LED & SOS Mode, and Fun Flashlight SOS mode & Multi LED — all of which have some interesting things in common.

Startling investigation finds that simple flashlight apps on Android request up to 77 permissions© Provided by Penske Media Corporation google logo

As noted in a post this week on the Avast Decoded threat intelligence blog, those apps have all racked up at least 100,000 downloads. The exception is Flashlight Plus which, according to the blog’s data, has amassed 1 million. More worrisome, however, is this fact: They each request what seems to be way, way too many permissions. As many as 77, to be exact.

Over 1,000 Android apps were found to steal your data. Here's what you can do

Over 1,000 Android apps were found to steal your data. Here's what you can do Your privacy may be at stake, even if you deny these apps permission.

Sounds strange, right? After all, a flashlight app would seem to have a pretty limited purpose — to give the user the functionality of, er, a flashlight.

The Avast blog takes a deep dive into the sketchy nature of app permission requests from a total of 937 flashlight apps that certainly raise some eyebrows. One would think, the blog notes, that the permissions these apps need would be limited to things like accessing the phone’s flashlight; accessing the Internet, to show in-app advertisements; and accessing the lock screen, so the app can turn the flashlight on and off without needing the phone to be unlocked. “However,” the Avast team continues, “the alarming truth is that the average number of permissions requested by a flashlight app is 25(!).”

How to check your Android phone’s notifications on a Windows PC

How to check your Android phone’s notifications on a Windows PC Your phone and PC can work together if you set them up properly

From the blog post: “Believe me when I say that some of the permissions requested by the flashlight apps are really hard to explain, like the right to record audio, requested by 77 apps; read contact lists, requested by 180 apps, or even write contacts, which 21 flashlight apps request permission to do.”

The whole post is worth a read and serves as a reminder to be wary about app downloads — specifically, about being too cavalier when it comes to apps you aren’t sure about.

To underscore that reminder, the Avast team takes just one app as an example, an app called Flashlight from July 15, 2019. The app helpfully offers up its features, like an “easy-to-use operation and beautiful design.” Per the blog post, on the app’s Play Store page, the app even adds: “This Flashlight is completely free and has no unnecessary permissions. Being the brightest LED flashlight in the world with only a very small package for you to install!”

How to sync all your fitness activities with Google Fit

How to sync all your fitness activities with Google Fit Log all your hard work

Sigh. The Avast team actually found the app to be requesting a grand total of 61 permissions — including the ability to make a phone call and to change your network state.

Sign up for BGR's Newsletter. For the latest news, follow us on Facebook, Twitter, and Instagram.

Google purges 24 malware-ridden apps that were downloaded 500,000 times.
A new malware campaign called Joker targeting Android has been found to engage in ad fraud at least since early June 2019. © Provided by The Next WebThe findings, disclosed by cybersecurity firm CSIS Security Group, reveal that the malware — called Joker — is designed to surreptitiously sign users up for premium service subscriptions, in addition to stealing the victim’s SMS messages, the contact list, and device information. require(["medianetNativeAdOnArticle"], function (medianetNativeAdOnArticle) { medianetNativeAdOnArticle.

—   Share news in the SOC. Networks

Topical videos:

usr: 0
This is interesting!