A simple app like the Flashlight apps at Google Play Store can put any Android phone at risk of cyberattack, new research has claimed.
A report from Avast says Android flashlight apps often request an average of 25 permissions, like audio recording and contact information, to allegedly function properly. This includes one app installed over a million times demanding 76 separate permissions one installed.
Access to flashlight apps
Avast’s research examined 937 flashlight apps that were once available or are currently available on the Google Play Store.
Out of this collection, the company found that 408 requests 10 permissions or less; 267 requests between 11 and 49 permissions; and 262 apps request between 50 and 77 permissions.
“Some of the permissions requested by the flashlight applications we looked into are really hard to explain,” says Luis Corrons, Security Evangelist at Avast. He noted that 77 apps requested the right to record audio; 180 asked to read contact list;, and 21 requested to write contacts.
Avast says that its research highlights something of a grey area when it comes to app permissions. Not all of the apps will have been trying to carry out malicious activity, but some developers do include ad software development kits (SDKs) into their code to earn money from advertisers.
“The flashlight apps we looked into are just an example of how even the simplest apps can access personal data, and it’s often not just the app developers that gain access to data when users download an app, but the ad partners they work with to monetize. Developer privacy policies are unfortunately not inclusive, as in many cases, further privacy policies from third-parties are linked within them.”
Suggestion: The best suggestion I can give to any person using android is that. “please check if the any app like flashlight asks unnecessary permissions, so I don’t recommend you to install it!”