Android Flashlight Apps Request up to 77 Permissions

An analysis of Android flashlight applications available in Google Play has revealed that they request an average of 25 permissions, with some requesting up to 77 permissions when installed.

Several years ago, users had to download and install flashlight applications on their devices, but Android now includes the functionality natively. However, flashlight applications continue to exist, and there are hundreds of them.

An investigation performed by Avast’s security researchers has revealed a total of 937 flashlight Android applications that either were once available in the official app store, or continue to be so. Of these, only 7 are considered malicious or potentially unwanted.

While the remaining hundreds of apps should be considered clean and safe, the large number of permissions they request at installation is staggering.

Of the analyzed apps, 408 request just 10 permissions or fewer, which seems fairly reasonable. However, there are 262 apps that ask for 50 permissions or more (up to 77). Thus, the average number of permissions requested by a flashlight app is 25.

“The concern should not just be around the amount of permissions, but around what we give apps access to,” Avast researcher Luis Corrons notes.

Some of the requested permissions, however, are difficult to explain for flashlight applications, the security researcher says.

For example, 77 of the applications request permission to record audio, 180 request permission to read contact lists, and 21 of them want to be able to write contacts.

Other applications also want to be able to get tasks, kill background processes, make phone calls, access location, access Bluetooth, process outgoing or incoming calls, answer calls, receive SMS, get accounts, authenticate accounts, or download content without notifying the user.

“Taking a close look at some of these, permissions like KILL_BACKGROUND_PROCESSES, are very powerful and can be abused for malicious purposes, for example, it could be used to kill a security app,” Corrons points out.

One of the analyzed apps, the researcher discovered, had the aforementioned permissions and could also check if the phone is rooted, execute external code, get operator information, change network state, check the installed apps, gain persistence, check for emulators, draw on top of other apps, read and write to external storage, and hide the app icon.

Called “Flashlight”, the app is from July 15, 2019, and requests a total of 61 permissions, but is not the only one to do so. The expert discovered a total of 208 APKs that request the same permissions, most being different versions of the same app.

“Right now there are ten apps on the Google Play Store with more than two million downloads,” the researcher notes.

While the Developer IDs in Google Play suggest there are five different developer groups behind these apps, Corrons discovered that at least some of them are the same, just using a different Developer ID.

“This appears to be a developer or group of developers with a monetization system, harvesting users’ data and sharing the data with partners,” the researcher warns.

While these apps can’t be considered outright malicious, the outlandish permissions they request suggest that they are not innocent either. In fact, they might be used for harvesting data from users’ devices and delivering it to third parties, which makes it imperative for users to carefully check the permissions an app requests before installing the app.
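
One way to run that permission check before installing an app, as an added example that is not code from Avast or from this article: it reads a decoded (text XML) AndroidManifest.xml, counts the distinct permissions requested, and flags the ones the article lists as hard to explain for a flashlight. The CAMERA/FLASHLIGHT baseline, the function names and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumption (not from the article): what a torch app plausibly needs.
EXPECTED = {PREFIX + "CAMERA", PREFIX + "FLASHLIGHT"}

# Permissions the article lists as hard to explain for a flashlight app.
HARD_TO_EXPLAIN = {PREFIX + n for n in (
    "RECORD_AUDIO", "READ_CONTACTS", "WRITE_CONTACTS", "GET_TASKS",
    "KILL_BACKGROUND_PROCESSES", "CALL_PHONE", "ACCESS_FINE_LOCATION",
    "ACCESS_COARSE_LOCATION", "BLUETOOTH", "PROCESS_OUTGOING_CALLS",
    "ANSWER_PHONE_CALLS", "RECEIVE_SMS", "GET_ACCOUNTS",
    "AUTHENTICATE_ACCOUNTS", "DOWNLOAD_WITHOUT_NOTIFICATION")}

# Constructed sample manifest for a hypothetical app, not a real one.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.FLASHLIGHT"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the de-duplicated set of permission names in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(manifest_xml):
    """Count permissions and split out those beyond the torch baseline."""
    perms = requested_permissions(manifest_xml)
    return {
        "total": len(perms),
        "flagged": sorted(perms & HARD_TO_EXPLAIN),
        "unexpected": sorted(perms - EXPECTED),
    }
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text first; `audit(SAMPLE_MANIFEST)` shows the report shape on the constructed sample.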

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
