Home Forum

Flashlight app woes?

For those who didn't know, the flashlight app "Brightest Flashlight Free" settled in court after having sold user's personal information to advertisers. I saw a video of a news story on it. They said the data goes to China, Russia, and India from what they have found so far. They also said that the top 10 flashlight apps all have similar malware in them, and that not only should we uninstall any if we have it, we need to factory reset. They said only the flashlight apps under about 100K in size might be safe.

I looked this up on Snopes, and the settlement was real with that one app but they said the other similar apps aren't dangerous to install.

Does anyone know what is going on? Can malware make it through Google and Android antivirus scanners if it's actually a trojan style virus that hides in the app when you approve the permissions? How do we know if this happens with other apps?

I don't have a flashlight app because I always carry a real one around. However I know many people do, they said 500 million!
 

Related:

#1 gloriousnumber1, Oct 3, 2014
I saw the same story. I had installed one of the 10 apps listed in their report and now am wondering if I need to do a factory reset. (the report can be found on the website snoopwall dot com (because I'm new, I can't post the link).

Before I go to this trouble -- I was looking to see what others thought about the need for the reset. Thoughts? Thanks!
 
#2 indymousefan, Oct 3, 2014
Hello there, I moved your thread to Android Applications, as that is what's being discussed here. Any problems PM me. :)

Any flashlight app should only be doing one thing, turn the LED flash on, nothing else. And that will be reflected in the flashlight app's permissions. It does NOT need full internet access, personal details, location, messaging, phone calls, etc. And if you do go installing a flashlight app that has many unnecessary permissions for its function as a flashlight, e.g. full internet access, you probably can expect all your details to be phoned home to servers in probably China or Russia, as well as all kinds of ad shit happening, etc. Unless the devices is rooted and the whatever flashlight app did things at the root level, just uninstalling it will restore things to normal, no need to factory reset.

I use CyanogenMod, there's a flashlight app called "Torch" built-in, and all it does is turns the LED flash on and off, so can use the phone as a flashlight.

It's same thing with wallpaper apps, they only really have one purpose, to make your phone look pretty, and not to track and spy on you, etc. which again will be reflected in the wallpaper app's permissions.
 
#3 mikedt, Oct 4, 2014
If a flashlight app is ad-supported then it will require internet access (though you can find flashlight apps which don't have ads and so don't need this). And Camera access is generally required to activate the LED. But that's it.

You do get apps which have more permissions that they need without being malicious, just because they've been sloppily coded and the developer has requested far more permissions than they need. But once an app has a permission you could add something dodgy to it without changing the permissions, so I'd advise avoiding apps with excessive permissions regardless. But you do need to understand the permissions to judge this in some cases (e.g. a flashlight app needing camera permissions to control the LED on many devices, music apps needing phone state permission in order to mute when a call comes in, etc).

The interesting thing to me is that the Brightest Flashlight app is still available. Even if they've removed the malware from the app, I have to say I'd have deleted their developer account on the spot for what they'd done there.

Indymousefan, no need to factory reset. Delete the app and install a trustworthy one in its place and you're fine (I personally use TeslaLED - I prefer an add-on app to one that comes with the phone as it means I can use the same app with any ROM).
 
#4 Hadron, Oct 4, 2014