It is our duty to protect our data— but are we ready?

No one would have thought that the most practical invention of the past decade will be the Smartphone.

It is a reality that we cannot live without these devices at all. Smartphones have become a mandatory part of our life since with few taps on its screen we can monitor everything from our inbox to bank account, social media accounts and now our homes as well.

However, one aspect that we generally overlook is the high intensity of personal information that we actually store in our smartphones and how easily accessible this data is not only to ourselves but to others as well. Latest studies on Android reveal that many users do not care about this aspect at all.

Screenshot of “flashlight app” that are stealing your personal information.

Snoopwall is a technology solution that identifies and blocks spyware and malware on numerous platforms. It was revealed by a group of researchers at Snoopwall that the most commonly used flashlight apps are secretively stealing the users’ personal information stored on their mobile devices.

Here is what these app can do.

The company’s Threat Assessment Report states that all of the top ten searched flashlight apps at Google Play Store perform functions that go beyond the basic requirements of flashlight apps.

Flashlight apps are seemingly harmless due to which they have managed to accumulate around half a billion downloads in very little time. However, in reality these apps have put the security and privacy of smartphone users at risk just by requesting for fanatical permissions which naïve users adhere to. These also include permissions to:

  • Customize or remove USB storage contents
  • Modifying system’s display settings
  • Accurate position/location (GPS and network-based)
  • Shortcuts
  • Write Home settings
  • View all network connections

Ken Westin is a security researcher at Tripwire and is very familiar to this type of spying. He states:

“There is little vetting of applications before they are deployed. When you install an Android app, it shows you what it has permissions to access, but most people ignore it and just click next to get the app installed. There are a lot of free apps that have permissions on devices they shouldn’t, even ‘security’ applications.”

It is possible that many users feel safe downloading such apps because they download them through Google Play instead of a third-party website. However, Dwayne Melancon, Tripwire CTO, explains that this doesn’t ensure the security of any app.

According to Melancon,

“Android is pretty ‘Wild Wild West’ because the apps are not well curated. People often misunderstand the warning not to download apps from unknown or trusted sources. They’ll say, ‘I got it off the Play store—I trust that source’ without realizing the unknown and untrusted author of the app is the actual source.”

As a short term remedy, users are urged to uninstall all of the malicious flashlight apps that are listed here. If the app you are using can modify your phone’s write and/or storage settings, then we recommend that you reset your phone settings. It is important to conduct factory reset and/or complete formatting.

We also recommend that users follow some practices that can optimize the security and privacy level on their mobile devices. For instance:

  • Deactivating GPS and turn it on only while traveling or facing an emergency
  • Deactivating Near Field Communications (or iBeacon for iOS devices) forever
  • Deactivating Bluetooth and turn it on only to make hands-free calls while driving
  • When not in use, cover the microphone and/or webcam with tape

The most important aspect to understand is to closely scrutinize the permissions the apps request for. Let common sense prevail and inquire if that particular app really needs to access the information it is asking permission for and if it doesn’t then we need to look for safer alternatives. Snoopwall’s flashlight app is definitely one you can trust. It is our responsibility to protect our data and identities online and this can be done by protecting and our smartphones.

READ FULL analysis report in PDF file by clicking here.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.