Flashlight apps could be putting your Android phone at risk of coming under cyberattack, new research has claimed.
A report from Avast found that Android flashlight apps request an average of 25 permissions, such as audio recording and contact information, to apparently function properly.
This included one app installed over a million times asking for 76 seperate permissions upon being installed.
Avast’s research examined 937 flashlight apps that were once available or are currently available on the Google Play Store.
Out of this collection, the company found that 408 request 10 permissions or less, 267 request between 11 and 49 permissions, and 262 apps request between 50 and 77 permissions.
“Some of the permissions requested by the flashlight applications we looked into are really hard to explain,” says Luis Corrons, Security Evangelist at Avast. He noted that 77 apps requested the right to record audio, 180 asked to read contact lists, and 21 requested to write contacts.
Avast says that its research highlights something of a grey area when it comes to app permissions. Not all of the apps will have been trying to carry out malicious activity, but some developers do include ad software development kits (SDKs) into their code to earn money from advertisers.
“The flashlight apps we looked into are just an example of how even the simplest apps can access personal data, and it’s often not just the app developers that gain access to data when users download an app, but the ad partners they work with to monetise. Developer privacy policies are unfortunately not inclusive, as in many cases, further privacy policies from third-parties are linked within them.”