The Alarming Reason You Need To Stop Using Flashlight Apps
It's a tool that comes in handy often. Since the dawn of the smartphone, the back-facing camera array's LED camera flash has led a double life as a flashlight. Most modern smartphones now have an official flashlight button that activates the LED, but it wasn't long ago that the average user would need to download a flashlight app designed to do the same thing. These apps were helpful when the feature wasn't something as easily accessible, but now their purpose is null.
For those that still have some sort of flashlight app downloaded onto their phones, it may seem like a harmless bit of forgotten software. However, there is an alarming reality to many of these apps, one that includes the seeking of access to permissions that supersede their original purpose. These permissions, which in the case of a flashlight app should only really be access to the device's back-facing camera, are set to ensure the app remains securely sandboxed. Unfortunately, some flashlight apps have been found to be asking for permissions to functionality they should have no reason to access.
An unusually long list of permissions
The Android flashlight button is now so commonly used that Google's started to build new ways to access the feature. But for those users that aren't so savvy as to have deleted all the old flashlight apps of the past, there still may be a bit of danger.
A study by Avast found that a surprising number of flashlight apps request an unnecessary amount of permissions, sometimes up to 77 of them. When given, these permissions have allowed the apps to do actions such as reading contact lists or recording audio. It's not currently clear whether all flashlight-related apps have accessed permissions on Android devices for malicious purposes, but it would seem that some have done just that. Some of the shadiest of these flashlight apps were pointed out by Avast, including Ultra Color Flashlight, Super Bright Flashlight, and Flashlight Plus.
Android users aren't the only ones who need to be cautious, though. Some iPhone flashlight apps also make ridiculous permissions requests, as noted by an investigation run by Wired back in 2014. Flashlight apps appeared to be requesting permission to track an iPhone's location, use the camera, or read the device's calendar. Over the past few years, it's become far less likely that an average iPhone user would be duped by a flashlight app, especially since all modern iOS devices have a flashlight button that comes standard.
Why so many permissions?
One common way for an app company to make a profit is with ad integration. App developers will work with ad software that will, in turn, may attempt to gain access to permissions on your phone that you wouldn't otherwise be asked to give. Some app developers will also partner up with advertising companies to extract data from users in order to make a profit. This can make the use of less-than-reputable apps a bit of a privacy risk, if you grant these apps permissions they shouldn't need.
Instead, it's best to just delete these apps as soon as possible, and make sure to consider if the permissions an app requests should be necessary for its basic functionality. For iPhone users, there is also a method available to ensure apps aren't accessing parts of your phone you don't want them to. If you go to Settings, then Privacy, you can see the apps that have requested permissions on your iPhone, and you can activate or deactivate permissions for each app. You can also activate App Privacy Report, if you haven't already, to see when and how apps are using these permissions.
Android users can also get some peace of mind by heading to settings, then privacy, then permissions manager. Here you can see the activity of apps on your phone and what they are doing with permissions. You can also choose to toggle access to permissions for each app. If you've purchased an Android device in the past half-decade and haven't already downloaded a bunch of apps, giving them permissions with wild abandon, you're probably in very little danger of falling prey to malicious flashlight apps and their shady ways.