CYBER SECURITY AND FLASHLIGHT APPS

[Paul's Here 0]

You have to watch this. FLASHLIGHT ON SMART PHONES

[Jason Fowler 0]

Some sound advice was given at the end as far as app size and potential for malware. On Android prior to installing an app a window will appear telling you what components of the phone, software and hardware, the app requires access to. A flashlight app should request access to the camera as it is using the camera flash LED as a flashlight. Anything else it requires is not necessarily a sign of malware but it should make you think twice before continuing.

There are apps that require access to lots of things because of how tightly they integrate various functionality. Social networking apps would be an example of this and they represent a very gray area in terms of how privacy is protected.

It seems to me that the government is so busy violating rights that its handling of legitimate functions have fallen behind, especially in regards to technology and intellectual property. NSA budget: at least 10 billion Patent office budget: 2-3 billion.

[Betsy Speicher 0]

You have to watch this. FLASHLIGHT ON SMART PHONES

Snopes says (link):

On 1 October 2014, cybersecurity company SnoopWall released a "threat assessment report" discussing flashlight apps for Android devices and security threats they may pose. According to SnoopWall (who recommends using their flashlight instead of competitors' apps) the list of permissions required by most flashlight apps is proof that the apps' makers are harvesting data and sending it abroad to cybercriminals.

It is true that one flashlight app developer settled a complaint with the FTC over data collection policies in 2013. But the current anxiety over flashlight apps appears to have been prompted by the publicity surrounding the release of SnoopWalls' self-promotional report rather than any specific breach of data security: the SnoopWall "threat assessment report" merely stated that some flashlight apps "appear specifically designed to collect and expose your personal information to cybercriminals or other nation states"; it offered no evidence that flashlight apps were actually being used for such purposes.

It is the case that a number of flashlight apps can potentially request or access data on users' cell phones that seemingly has nothing to do with the ordinary functioning of the app. As Wired noted, however, that statement is also true of many other types of apps, and the fact that a given app has access to data doesn't necessarily mean the app is actually using that data:

The Flashlight app on my phone is built by a company called iHandy. [A] mobile phone security operation called Appthority did an analysis of the data that Flashlight can potentially request, and it's pretty scary.

According to Appthority's president, Domingo Guerra, Flashlight is designed to do location tracking, read my calendar, use my camera, gain access to unique numbers that identify my phone, and then share data with a number of ad networks, including Google’s AdMob, iAd, and JumpTap. It may not actually be doing all of these things — Appthority's analysis only shows what the software is capable of, not necessarily what it's actually up to — but the fact that there's such an arsenal of dubious uses should raise eyebrows.

On my phone, several apps want access to information they probably shouldn't, and odds are, that's the case with your phone, too. The lesson here is that when it comes to mobile software, there’s really no such thing as a free app.

All in all, as the Guardian noted, "developers are often asking for far greater power over a user's device, in order to collect data and sell it on to marketers and ad networks. It's the latest reminder that if you're not paying for an app, its business model may well involve selling your data." But in this regard it doesn't appear that flashlight apps are a particularly greater security risk than any other form of app — users take similar risks whenever they download any type of free app, not just flashlights. And so far we've seen no reports documenting that any flashlight app is secretly funneling personal data to cybercriminals in foreign countries.

Last updated: 21 October 2014

[alann 0]

Thanks, Betsy. I was really in the dark on this.