Android Flashlight Apps Request up to 77 Permissions

An analysis of Android flashlight applications available in Google Play has revealed that they request an average of 25 permissions, with some requesting up to 77 permissions when installed.

Several years ago, users had to download and install flashlight applications on their devices, but Android now includes the functionality natively. However, flashlight applications continue to exist, and there are hundreds of them.

An investigation performed by Avast’s security researchers has revealed a total of 937 flashlight Android applications that either were once available in the official app store, or continue to be so. Of these, only 7 are considered malicious or potentially unwanted.

While the remaining hundreds of apps should be considered clean and safe, the large number of permissions they request at installation is staggering.

Of the analyzed apps, 408 request just 10 permissions or fewer, which seems fairly reasonable. However, there are 262 apps that ask for 50 permissions or more (up to 77). Thus, the average number of permissions requested by a flashlight app is 25.

“The concern should not just be around the amount of permissions, but around what we give apps access to,” Avast researcher Luis Corrons notes.

Some of the requested permissions, however, are difficult to explain for flashlight applications, the security researcher says.

For example, 77 of the applications request permission to record audio, 180 request permission to read contact lists, and 21 of them want to be able to write contacts.

Other applications also want to be able to get tasks, kill background processes, make phone calls, access location, access Bluetooth, process outgoing or incoming calls, answer calls, receive SMS, get accounts, authenticate accounts, or download content without notifying the user.

“Taking a close look at some of these, permissions like KILL_BACKGROUND_PROCESSES, are very powerful and can be abused for malicious purposes, for example, it could be used to kill a security app,” Corrons points out.

One of the analyzed apps, the researcher discovered, had the aforementioned permissions and could also check if the phone is rooted, execute external code, get operator information, change network state, check the installed apps, gain persistence, check for emulators, draw on top of other apps, read and write to external storage, and hide the app icon.

Called “Flashlight”, the app is from July 15, 2019, and requests a total of 61 permissions, but is not the only one to do so. The expert discovered a total of 208 APKs that request the same permissions, most being different versions of the same app.

“Right now there are ten apps on the Google Play Store with more than two million downloads,” the researcher notes.

While the Developer IDs in Google Play suggest there are five different developer groups behind these apps, Corrons discovered that at least some of them are the same, just using a different Developer ID.

“This appears to be a developer or group of developers with a monetization system, harvesting users’ data and sharing the data with partners,” the researcher warns.

While these apps can’t be considered outright malicious, the outlandish permissions they request suggest that they are not innocent either. In fact, they might be used for harvesting data from users’ devices and delivering it to third parties, which makes it imperative for users to carefully check the permissions an app requests before installing the app.
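One way to run that permission check against a decoded AndroidManifest.xml, as an added example that is not from Avast or the original article. The mapping from the article's descriptions to `android.permission.*` constants, the `EXPECTED` set and the sample manifest are assumptions constructed here.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumed mapping: permission constant -> capability named in the article.
HARD_TO_EXPLAIN = {
    "RECORD_AUDIO": "record audio", "READ_CONTACTS": "read contact lists",
    "WRITE_CONTACTS": "write contacts", "GET_TASKS": "get tasks",
    "KILL_BACKGROUND_PROCESSES": "kill background processes",
    "CALL_PHONE": "make phone calls", "BLUETOOTH": "access Bluetooth",
    "ACCESS_FINE_LOCATION": "access location",
    "ACCESS_COARSE_LOCATION": "access location",
    "PROCESS_OUTGOING_CALLS": "process outgoing calls",
    "ANSWER_PHONE_CALLS": "answer calls", "RECEIVE_SMS": "receive SMS",
    "GET_ACCOUNTS": "get accounts",
    "AUTHENTICATE_ACCOUNTS": "authenticate accounts",
    "DOWNLOAD_WITHOUT_NOTIFICATION": "download without notifying the user",
}
# Assumption: what a torch app plausibly needs to drive the camera LED.
EXPECTED = {PREFIX + "CAMERA", PREFIX + "FLASHLIGHT"}

def audit_manifest(xml_text):
    """Return the unique permission count, flagged and other unexplained permissions."""
    root = ET.fromstring(xml_text)
    requested = set()  # a set, because manifests sometimes repeat a declaration
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                requested.add(name)
    flagged, other = [], []
    for perm in sorted(requested):
        short = perm[len(PREFIX):] if perm.startswith(PREFIX) else None
        if short in HARD_TO_EXPLAIN:
            flagged.append((perm, HARD_TO_EXPLAIN[short]))
        elif perm not in EXPECTED:
            other.append(perm)  # not named in the article, still worth a look
    return {"total": len(requested), "flagged": flagged, "other": other}

# Constructed sample manifest (hypothetical package, not one of the analyzed apps).
names = ["CAMERA", "FLASHLIGHT", "INTERNET", "RECORD_AUDIO", "READ_CONTACTS",
         "READ_CONTACTS", "KILL_BACKGROUND_PROCESSES"]
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
    'package="com.example.torch">'
    + "".join(f'<uses-permission android:name="{PREFIX}{n}"/>' for n in names)
    + '<uses-permission android:name="com.example.torch.permission.PUSH"/>'
    + "</manifest>")

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

The input must be the text form of the manifest (for example, as produced by a decoder such as apktool); the binary XML inside an APK will not parse with `xml.etree`.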

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
