Do you still own a flashlight app on your Android smartphone? If that’s a yes, then your personal data might be at high risk.
After studying over hundreds of flashlight apps, Avast Security Researcher, Luis Corrons, discovered these Android apps ask for an insane amount of unwanted permissions — average being of 25 permissions per app.
Out of the tested 937 flashlight applications, he found 262 Android apps that require 50 permissions and more. Moreover, eight Android apps asked for over 70 permission, some having a million downloads on the Google Play Store.
Interestingly, Corrons also reports that 408 Flashlight Android apps only asked for 10 permission or less, begging the question of why other Flashlight applications need such a large number of permissions.
What permissions are we talking about?
Theoretically, a Flashlight Android app would need just one permission in order to access the flashlight. However, as we see, that’s not the case here.
In the research, Corrons found that the Android apps in question asked for all sorts of unnecessary permissions. To illustrate: 77 apps requested access to audio permission, and over 180 apps tried to access the contact list.
However, Corrons appear confused over a few permissions like KILL_BACKGROUND_PROCESSES, requested by over 282 Android apps. While the permission can be dangerous since it has the ability to kill a security app, “the use case of some flashlight apps is to reduce the battery consumption.”
Do you even need Flashlight Android apps?
A few years back, flashlight apps, clearer apps, file manager apps were the need of the hour. Today, smartphone manufacturers have either a proprietary app in place or an inbuilt feature.
In fact, smartphones come with a built-in flashlight feature since the release of Android Lollipop. However, this might not apply to you, if you belong to the 10% of Android users running previous versions.
What can you do?
Flashlight Android apps are only the ones who have come to the spotlight. There are still hundreds of Android apps which request unnecessary permissions.
The best practice is to look at the permissions requested by an Android app carefully. And if they look suspicious, try to avoid giving permissions entirely.