Tuesday, November 18, 2014

Beware of Flashlight apps!

G'day to you! Great to see you. Glad you could make it by. Coffee's always on here and our virtual no-calorie megamuffins are bigger than the potholes in cyberspace! I hope your trip through cyberspace today is not fraught with too many potholes but let me tell you about one danger in the cyber sky. Do you have a 'flashlight' app on your smartphone? Thanks to Anthony in Manchester for telling me about this...


On 1 October 2014, cybersecurity company SnoopWall released a "threat assessment report" discussing flashlight apps for Android devices and security threats they may pose. According to SnoopWall (who recommends using their flashlight instead of competitors' apps) the list of

permissions required by most flashlight apps is proof that the apps' makers are harvesting data and sending it abroad to cybercriminals.

It is true that one flashlight app developer settled a complaint with the FTC over data collection policies in 2013. But the current anxiety over flashlight apps appears to have been prompted by the publicity surrounding the release of SnoopWalls' self-promotional report rather than any specific breach of data security: the SnoopWall "threat assessment report" merely stated that some flashlight apps "appear specifically designed to collect and expose your personal information to cybercriminals or other nation states" (including China, India and Russia); it offered no evidence that flashlight apps were actually being used for such purposes.


It is the case that a number of flashlight apps can potentially request or access data on users' cell phones that seemingly has nothing to do with the ordinary functioning of the app. As Wired noted, however, that statement is also true of many other types of apps, and the fact that a given app has access to data doesn't necessarily mean the app is actually using that data:


A mobile phone security operation called Appthority did an analysis of the data that Flashlight can potentially request, and it's pretty scary.

According to Appthority's president, Domingo Guerra, Flashlight is designed to do location tracking, read my calendar, use my camera, gain access to unique numbers that identify my phone, and then share data with a number of ad networks, including Google’s AdMob, iAd, and JumpTap. It may not actually be doing all of these things — Appthority's analysis only shows what the software is capable of, not necessarily what it's actually up to — but the fact that there's such an arsenal of dubious uses should raise eyebrows.

On many phones, several apps want access to information they probably shouldn't, and odds are, that's the case with your phone, too. The lesson here is that when it comes to mobile software, there’s really no such thing as a free app. 
To read SnoopWall's full report on what this 'malware' can do to you, go to: http://www.snoopwall.com/threat-reports-10-01-2014/  
Yikes! Glad I don't have a flashlight app on my smartphone though I must admit that I have used the bright screen on the smartphone itself to navigate around in the dark occasionally. There are some who might say that I am usually in the dark anyway, but...

See ya, eh!

Bob

0 comments: