As with every app downloaded on our smartphones, we grant them specific permissions to help them perform their job. Often, these permissions are asked in the form of a pop-up which users accept without reading. After all, what harm can a simple app do?
Turns out, a lot. Avast has released a report that details analysis of 937 flashlight apps on Google’s Play Store and the variety of dangerous permissions that they seek which can be categorized into the following:
- 408 applications requested 10 or fewer permissions.
- 267 applications requested 11-49 permissions.
- 262 applications requested 50-77 permissions.
The top 10 apps in terms of the permissions requested happen to be these:
Among the extra permissions analyzed,
- 180 apps wanted to read your contacts – seems like a golden advertising opportunity by using all those numbers to send spam en masse.
- 131 apps requested the right to access your location – it’s possible that the NSA happened to sponsor one of these particular apps, plausible if you think about it.
- 21 apps wanted to write your contacts for you – I guess free time is not so uncommon these days.
A complete list has been summed up by Avast in the picture below,
Nonetheless, some of these also have double purposes as Luis Corrons states,
Permissions like KILL_BACKGROUND_PROCESSES, are very powerful and can be abused for malicious purposes, for example, it could be used to kill a security app. However, the use case of some flashlight apps is to reduce the battery consumption, so you can use the app longer and hence not every extra permission can be equated with mal-intent.
What’s alarming from all of this is that all the data gained through such unrestricted access can easily be sold to third parties hurting the user in the long term. Moreover, these applications can also use your preferences to perform in-app monetization which in itself is not bad as long as it is done by explicitly informing the user. How this works is best explained by Yogesh from MoneyLife in that,
Sometimes, the app developers integrate ad software development kits (SDKs) into their code to earn money from advertisers. To allow these SDKs to target users with ads, the apps request countless permissions.
In light of the above, there are certain precautions that a user should take. Firstly, always read the permissions being sought and deny any that go beyond the intended use of the app. Sure, some apps might not work due to these not being granted but there are always alternatives that you can go for. Secondly, report any shady tactic you see being used to the appropriate authorities or if your data is accessed unauthorizedly Thirdly, do a background check of the app by reading its reviews online.
To end, if possible, try to read the privacy policies of these applications so that you can better understand how your data is being used. Furthermore, it is recommended that you analyze all of the apps present on your phone currently and delete all those that resemble the aforementioned techniques – Moreover, keep your smartphone updated and scan it with a reliable anti-virus software regularly.