Recently an email has been making the rounds, scaring people like my mom by claiming that the flashlight app on their smartphone is stealing their information and sending it to China. This, of course, isn’t exactly true, and for the iPhone’s built-in flashlight, is patently false.
In case you don’t feel like scrolling down, you should note that despite the fact that the news report showed a lot of stock footage of iPhones and the iPhone flashlight, there is absolutely no reason to worry if you have an iPhone and you are using the built-in iPhone flashlight. It is not spying on you.
So What’s This About?
This whole thing started as many hysterical things do, when Fox News did a report and brought somebody on from a security company to talk about flashlight apps spying on their users. He starts by saying:
“I think this is bigger than Ebola right now, because 500 million people are infected and they don’t know it. But it’s not them, it’s their smartphones.”
Wow, that’s scary! You’d think Google and Apple would be on the case. And then he further says:
“The top 10 flashlight apps today that you can download from the Google Play store are all malware. They are malicious, they are spying, they are snooping, and they are stealing.”
He goes on to say that these apps are collecting your data and sending it to China and Russia, that you should reset your phone, and a lot of other scary things.
What’s Really Going On?
Last year, the maker of the most popular flashlight app in the Google Play (Android) store was caught stealing people’s geolocation data and selling it to advertisers, went under FTC investigation, and was forced to settle over the issue. It was definitely a dark day for privacy.
Because of this mess, the security company in the news report took a look at the permissions for the top 10 flashlight apps and decided that because they require a lot of permissions, they all must be malware. Nowhere in their report did they actually illustrate or prove that these apps are malware or sending your data somewhere, but they did make a table of the permissions that each flashlight app required.
Three of the apps they listed in their report required way too many permissions, including access to your location, which is definitely sketchy. But at least four of the applications that they listed as malware only have permission to access your flashlight, vibration, and access to the Internet (probably to display ads), but can’t access location or SMS or anything else.
The fact is that Android app permissions are a mess and you have very little control over what apps can do once you’ve agreed to install the application other than just trusting Google. Your best bet is to avoid installing apps that have permissions that look suspect, or only install apps from really reputable companies.
But that doesn’t mean that all flashlight apps are malware. So why the hyperbole?
At the end of the news segment the anchor asked what you should do about flashlight apps. The security company guy responded by saying:
Or look for a flashlight app that’s under a 100 kilobytes because the ones that spy on you, it tells you their file size, they’re 1.2 MB to 5 MB. Those are big files to just turn the light on and off. So if you find a really really tiny flashlight app, a privacy flashlight, you’ll be safe.
You can’t judge the security of an application by how big it is, and it is completely irresponsible for any security person to say that. In addition, some of the other flashlight apps are bigger because they include extra features, a nicer interface, or… advertisements. Those things all take up more space.
A Privacy Flashlight, You Say?
If you watched that news segment you might not have noticed when he said “a privacy flashlight,” but that’s the secret password to understanding what’s really going on here.
The security company in the news report has a free flashlight app in the Google Play store, and it’s called “Privacy Flashlight.” They also have Android security software that you can install. And, of course, you can pay for more features.
Oh, you aren’t surprised? I guess it’s pretty obvious what’s really going on.
There’s nothing wrong with their flashlight app, and we haven’t used their other security software. And there’s nothing wrong with bringing awareness to the problems with Android permissions — after all, we’ve done a lot of articles on the subject. But don’t scream malware without proof.
Note: since we haven’t yet done a full investigation testing every single flashlight app, we can’t be sure that none of these apps are stealing your data (and it looks like three of them are asking for too many permissions), but this seems like a scare tactic from a security company to get people to buy their security software.
The Built-in iPhone Flashlight is Not Stealing Your Data
As we mentioned above, the iPhone flashlight is NOT stealing your data, is not tracking you, and if you are an iPhone user, you should keep using it without worry.
The fact is that the built-in iPhone flashlight is part of iOS… it’s part of your iPhone. It was created by Apple, and you have nothing to worry about.
If you are using a third-party flashlight application on your iPhone you still don’t have to worry, because iPhone has a much better permissions system that notifies you right away if an application is trying to access your location or push notifications to you, or any number of other things.
Yes, the NSA is probably watching you brush your teeth.