Over the last couple of years, the focus on application permissions has been slowly but steadily gaining traction. This is great news because Android app permissions are the best way to determine what an app is doing without ripping the app apart Ron Amadeo-style and literally looking at what the app is doing in the code. Unfortunately, this has also created a new source of paranoia: users look at a permission that an app needs and immediately think of the worst-case scenario, which isn’t necessarily the correct mindset either.
A recent study performed by SnoopWall declared all flashlight apps unsafe and said that people should get rid of them immediately. They produced a chart (pictured above) that shows the various permissions that the top ten flashlight apps ask for. It may look scary at first, and that is kind of the intention. They are, in fact, Android apps and they do need permissions to function properly. However, there is a right and a wrong way to do it.
As you can see in the chart, Super-Bright LED Flashlight, Brightest Flashlight Free, Brightest LED Flashlight, High-Powered Flashlight, and Flashlight LED Torch Light all seem to require more permissions than the others. The most likely scenario is that they gather data to build a user profile, which they then sell. It sounds alarming, but a lot of companies do this to make money, and that’s what allows them to give away their services and apps for free. Other notable apps and services that have done this include Angry Birds, Dictionary.com, Microsoft, Google, Facebook, and yes, even Apple.
SnoopWall recommends that you uninstall your flashlight app immediately and install their security flashlight. They also recommend never using Bluetooth except in your car, never using NFC except for critical applications, and even putting masking tape over your webcam when you’re not using it or pulling the battery from your smartphone when not in use. These recommendations are a tad alarmist and unreasonable for most users unless you’re in an airport with a lot of seedy-looking people.
Aren’t these flashlight apps spyware?
Whether or not these practices are bad is determined by each individual’s opinion on personal privacy. There are many people who don’t mind having their information collected and sold in return for free use of an app or service. On the other hand, there are many people who do mind. The important thing to remember is that neither side is wrong because it’s their data and they can give it to whomever they choose.
Another important factoid is that these apps aren’t spyware or malware. It is true that they act like spyware, but the difference is in the details. Spyware collects your information, changes your system settings, and sends data to a third party without your consent. However, thanks to the Android permission system, you can see that these apps distinctly ask for your location, call history, and other information before you install them. Thanks to recent changes, all Android apps also have permission to access the internet. That means that installing the application gives it permission to access and transmit this data, thereby negating the primary characteristics that define spyware.
In most cases, malware doesn’t work on Android at all as long as you have the “install from Unknown Sources” setting in your privacy settings disabled, which it is by default. Without the ability to install garbage from sources outside of the Google Play Store, most malware is rendered useless. Since the Google Play Store is strictly regulated, there is almost zero chance of malware ever making it to your smartphone to begin with.
Are all flashlight apps out to get us?
The answer to that is up to personal interpretation and that’s what makes this subject so volatile. The phrase “out to get us” is fairly ambiguous. Are some of these flashlight apps gathering data about you to sell to third parties to make a few bucks thus justifying them giving you the app for free? Yes. That is something that happens often and not just in flashlights. Whether or not it’s a bad thing depends on your personal view on security. Like I said earlier, some people don’t mind and others do.
It’s also important to note that not all flashlight apps collect data. On that chart alone there are two applications that have the bare minimum permissions to function: Tiny Flashlight and Color Flashlight. There are dozens, maybe hundreds, more in the Google Play Store that don’t ask for any additional permissions. To come to the conclusion that all flashlight apps are bad based on such a small data set is irresponsible and makes many clean flashlight apps (and the developers of those apps) look bad.
The bottom line is that some of these flashlight apps are out to collect some personal data and sell it. However, these apps are very easy to spot if you read their permissions. There are plenty of others that don’t ask for those permissions. The answer to the question posed above is no, not all flashlight apps are out to get you.
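Reading the permissions can also be done mechanically. The script below is an added example, not part of the original article: it takes a decoded, plain-text AndroidManifest.xml and sorts the requested permissions into what a flashlight needs, network access, and access to personal data. The baseline set, the category mapping, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption: the minimum a torch app needs to drive the camera LED.
BASELINE = {P + "CAMERA", P + "FLASHLIGHT"}
NETWORK = {P + "INTERNET", P + "ACCESS_NETWORK_STATE"}
# Data categories the article mentions; this mapping is an added assumption.
DATA_ACCESS = {
    P + "ACCESS_FINE_LOCATION": "location",
    P + "ACCESS_COARSE_LOCATION": "location",
    P + "READ_CALL_LOG": "call history",
    P + "READ_CONTACTS": "contacts",
}

def manifest(*perms):
    """Build a constructed sample manifest declaring the given permissions."""
    rows = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.torch">{rows}</manifest>')

# Constructed samples, not taken from any real app.
GREEDY = manifest("CAMERA", "FLASHLIGHT", "INTERNET", "ACCESS_FINE_LOCATION",
                  "READ_CALL_LOG", "WRITE_EXTERNAL_STORAGE")
MINIMAL = manifest("CAMERA", "FLASHLIGHT")

def declared_permissions(manifest_xml):
    """Return every permission name requested in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml):
    """Sort requested permissions into the buckets a reviewer cares about."""
    perms = declared_permissions(manifest_xml)
    data = {p: DATA_ACCESS[p] for p in sorted(perms) if p in DATA_ACCESS}
    return {
        "baseline": sorted(perms & BASELINE),
        "network": sorted(perms & NETWORK),
        "data_access": data,
        "unclassified": sorted(perms - BASELINE - NETWORK - set(DATA_ACCESS)),
        # Personal data plus INTERNET is the combination that enables profiling.
        "collects_and_can_transmit": bool(data) and P + "INTERNET" in perms,
    }

if __name__ == "__main__":
    for label, xml in (("greedy", GREEDY), ("minimal", MINIMAL)):
        print(label, audit(xml))
```

Anything that lands in "unclassified" is not a verdict either way; it is a permission the reviewer still has to look up.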
How do we stay safe?
There are varying degrees of safe, and that makes recommendations here difficult. If you’re really into protecting your privacy at any cost, the SnoopWall method isn’t half bad. You’ll be spending more time in your settings turning things on and off than most, and you’ll be researching permission use for every app you download, but it is effective if you plan on going that route.
There is a more pragmatic set of steps you can take to keep you relatively safe. They include:
Leave the Install from Unknown Sources setting disabled. Apps can’t be installed from anywhere aside from the Play Store as long as this setting is disabled. It’s generally disabled by default so you shouldn’t have to make any changes.
Use Verify Apps (enabled by default), which allows Google to check the app against its database to make sure that it’s safe. You can read more about that here.
Only install applications from the Google Play Store or the Amazon Appstore. These sites are regulated by Google and Amazon respectively and problematic apps are usually stopped at the gate.
If you visit seedy websites, or click on seedy ads, don’t install whatever it is they try to get you to download. It isn’t safe. If you do download something, use a file manager and delete it immediately.
Use your common sense. If something doesn’t feel right then don’t do it.
A lot of people don’t like antivirus apps because following the steps above generally negates the need for one. However, if you’re lazy or you don’t feel confident in your knowledge of permissions or usage habits then having one isn’t a horrible idea. You can find a list of great antivirus apps here if that sounds like you.
The most important thing when it comes to security and privacy is to keep calm and approach the problem with a level head. You know what level of security and privacy you require and it’s just a matter of taking the appropriate steps to avoid complications. These kinds of activities are not going away any time soon because they’re profitable. That may not be preferable but it is nothing to be alarmed about.