FutureFive New Zealand - Consumer technology news & reviews from the future
Story image
Nosy flashlight apps want more permissions than they need
Mon, 16th Sep 2019
FYI, this story is more than a year old

Hundreds of flashlight apps on Google Play are asking for far more permissions than they need to, prompting a warning from security firm Avast that people should be careful about what apps they download.

There's no doubt that a phone's flashlight is an important tool for many people who need that extra bit of light. It might seem like a flashlight app just needs access to the camera flash in order to turn on and off. Apparently, that's wrong.

Avast analysed 937 flashlight apps and found that they request an average of 25 permissions. The worst of them (262 apps) require between 50 and 77 permissions. Furthermore, 267 apps request between 11 and 49 permissions, and 408 request 10 permissions or fewer.

What are those permissions asking for? Avast security evangelist Luis Corrons explains that some permissions are hard to explain – but much of it is to do with advertising.

“The right to record audio requested by 77 apps; read contact lists, requested by 180 apps, or even write contacts, which 21 flashlight apps request permission to do.

“The flashlight apps we looked into are just an example of how even the simplest apps can access personal data, and it's often not just the app developers that gain access to data when users download an app, but the ad partners they work with to monetise.

“Developer privacy policies are unfortunately not inclusive, as in many cases, further privacy policies from third-parties are linked within them.

While Avast says that there's a grey area about how many permissions are required and how many are malicious, because not all of them are harmful – per se.

When you install an app, you grant that app and its associated third parties access to everything in the permissions section.

“App developers often integrate ad software development kits (SDKs) into their code to earn money from advertisers. To allow these SDKs to target users with ads, the apps request countless amounts permissions,” Avast explains.

Users should carefully check permission requests, read privacy policies and terms and conditions. Potential users should also check user reviews on the app's download page.

Avast names the top 10 worst flashlight ‘permission' culprits on Google Play:

 1            Ultra Color Flashlight (77 permission requests)  

2             Super Bright Flashlight (77 permission requests)

3             Flashlight Plus (76 permission requests)

4             Brightest LED Flashlight -- Multi LED - SOS Mode (76 permission requests)

5             Fun Flashlight SOS mode - Multi LED (76 permission requests)

6             Super Flashlight LED - Morse code (74 permission requests)       

7             FlashLight – Brightest Flash Light (71 permission requests)           

8             Flashlight for Samsung (70 permission requests)

9             Flashlight - Brightest LED Light -Call Flash (68 permission requests)         

10           Free Flashlight – Brightest LED, Call Screen (68 permission requests) .