1. OCAU Merchandise now available! Check out our 20th Anniversary Mugs, Classic Logo Shirts and much more! Discussion here.
    Dismiss Notice

Top 10 Flashlight Apps for Android Are Stealing Information

Discussion in 'Google Android (OS & Devices)' started by round, Oct 2, 2014.

  1. round

    round (Banned or Deleted)

    Joined:
    Apr 7, 2007
    Messages:
    15,474
    Location:
    /pol/
  2. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    62,763
    Location:
    brisbane
    hahaha, this is why I just use the built in torch.

    Should be renamed, top 10 apps you gave too many permissions to you idiots.
     
  3. evolutionKarma

    evolutionKarma Member

    Joined:
    May 4, 2013
    Messages:
    7
    Location:
    Sydney
    Or flash CyanogenMod. Built in privacy guard should stop this kind of things.
     
  4. ~Spyne~

    ~Spyne~ Member

    Joined:
    Feb 8, 2007
    Messages:
    1,403
    What a load of scaremongering!
    Did anyone actually follow the links and read their report? They list 'permission to control the device's flashlight' as one of the major security threats. Or how about "control vibration" or "disable screen lock".

    You might counter that by saying that many of the apps also require permission to "modify system settings"...Sure that sounds bad if you're a moron who watches ACA and believes that everyone who wears a burqa (niqab, actually) is a terrorist. But think about it, if your system settings are to send the device to sleep after 10s of inactivity or you sound is set to mute or display is set to auto-brightness, then of course some of these apps will need permission to change these settings so that they can operate as intended, to you know, keep the screen or flashlight on for longer than 10s, so sound an 'alarm' if that is one of the app's features, or to set the screen brightness to 100% if the screen is used as the 'torch'.
    Some common sense and you'll realise that many of these torch apps do more than just a simple light, they have various settings and features that, if you want to use them, require permission to access certain parts of your phone in order to work properly.

    It's similar, but even less of an issue, to all the hoo-ha about facebook's terms of use/permissions that had the tinfoil hat brigade up in arms earlier this year...and the year before that....and the year before that.

    Sensationalist media + companies trying to drum up business (snoopwall in this case) + gullable idiots = this.
     
  5. GoneFishin22

    GoneFishin22 Member

    Joined:
    Jun 28, 2008
    Messages:
    0
    ALL Mobile smart devices are NSA (and Chinese equivalent) intelligence capture devices - only fools living in fairy land would think otherwise, especially after Edward Snowden, things have only ramped up further since then.

    There certainly are some cretinous companies playing on gullible people as well.
     
    Last edited: Oct 8, 2014
  6. Kafoopsy

    Kafoopsy Member

    Joined:
    Sep 19, 2002
    Messages:
    1,725
    Location:
    Right Here!
    I just heard about this today. I wonder how much truth there is to it. I had a look at flashlight apps and they were anything up to 19MB. Does it really take that much data to turn on a light? And why do many of the apps want access to things not related at all to turning on a light? My phone doesn't even have a light but there are several apps that I won't put on my phone as I don't think they need access to what they request access to (yes, Facebook app, I'm, looking at you!)
     
  7. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,920
    Basically what ~Spyne~ said...

    The Android security model is horrible.

    This article comes round every 6 months or so (or whenever facebook releases an update).

    With stock android, there is no way to give an app access to the camera flash, without giving it camera access.
     
  8. Kafoopsy

    Kafoopsy Member

    Joined:
    Sep 19, 2002
    Messages:
    1,725
    Location:
    Right Here!
    So why do these apps ask for full internet access, access to contact list and phone location and identity, ability to send sms and to change or delete data from the phone?
     
  9. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    62,763
    Location:
    brisbane
    advertising, you'll also find iOS flashlight apps do this shit as well.

    which is why you don't just install random apps and click agree to everything without understanding what it means - you vette them LIKE ANY OTHER FUCKING APP.
     
  10. ~Spyne~

    ~Spyne~ Member

    Joined:
    Feb 8, 2007
    Messages:
    1,403
    How's that tin-foil hat fit?
    If you actually bothered to read the snoopwall 'report', none of the torch apps requested access to the contacts list, phone identity, ability to send sms.
    Full network access would be required for auto-updates (as defined by Google's security settings), ability to delete data from the phone would be for app edits (updates, upgrades, removal).
    Yes some of the apps require A LOT of permissions, possibly more than many people would consider necessary for a simple torch app, but then again, some of the listed apps ARE more than a simple torch app and for all of their features to work properly, Google requires they get permission to access/modify parts of the device.
     
  11. BGH

    BGH Member

    Joined:
    Dec 16, 2004
    Messages:
    1,353
    Location:
    You stay classy Melbourne
    From In defense of flashlight apps by a flashlight app dev on Reddit.

    Hey fellow redditors, I've been a daily visitor of this sub for a very long time. Also, I'm the developer of one of the popular flashlight apps on the play store.
    In the last several days a "counterveillance" company claimed that the top 10 flashlight apps are stealing private data and sell it to countries like Russia, Iran, etc.

    Here's the first post http://www.reddit.com/r/Android/comments/2i0467/most_flashlight_apps_on_android_steal_your_data/[1]
    And this is the second one from yesterday http://www.reddit.com/r/Android/comments/2id82z/the_top_10_flashlight_apps_are_all_sending_your/[2]

    First, I decided to ignore all this, but several redditors said that if the flashlight developers don't do the stuff described in the report they should come and say so. And here I am. My app doesn't have access to personal data. It doesn't sell personal data to 3rd world countries and doesn't work with unknown companies with unknown background.

    Now to the technical details... The "counterveillance" company's main argument is that these apps have a long list of permissions accessing different information provided by the OS and thus they must be selling this information to 3rd parties. As many redditors noticed in the comments, the report didn't include information whether they even tried to check the data that was coming out of these apps. How did they decide that there was any personal data involved? How did they find that this data was sold to 3rd world countries?
    I believe that most other flashlight apps like mine are clear of all this stuff. Of course there are a couple of exceptions with a huge permissions list, which I, as a developer, find it hard to explain. These apps are easily spotted and they don't really need to be flashlight apps. You can find such apps in every category.

    Since most of you guys are not developers, it's completely normal to not understand the permissions and wonder how they are used. Here's a detailed overview of all permissions in my app. You will see a similar list in almost all other flashlight apps, because a feature rich app cannot go without this minimal set of permissions.

    take pictures and video (this is the CAMERA permission). Used to activate the camera flash.
    control flashlight. I'm still supporting Android 1.5 and 1.6 and back in the old days on some devices (moto backflip) the camera flash was activated via a private API, which required this permission.

    full network access - used for showing ads from Google's Admob
    view network connections - again for Google's Admob. This permission allows the ads code to detect whether you are on wifi or data. If you are on data the ad requests will be reduced to save you bandwidth.

    control vibration - some users want the device to vibrate, when they toggle the light

    prevent the device from sleeping - very important permission for a flashlight app. In my app you can turn on the camera flash and then hit the power button of the device to turn off the screen. It's very handy, because you can hold your device like a real flashlight without hitting any buttons on the screen. Without this permission, the device will fall in "deep" sleep when you hit the power button and the light would turn off. Also, if you are using the screen light you don't want your device to turn off while you are doing something important.

    The second argument of the "counterveillance" company is that a flashlight app must not exceed 73 kilobytes in size. An application, which exceeds this size must contain code, which does some very bad things. In reality, you can't squeeze a high-quality application in less than several megabytes. In my app, only the launch icons for several screen DPIs are more than 100kb and that's in case you don't have any other images, which is almost impossible to create a good looking app without. Then you have code for functionality - in my case it's almost 400kb, which contains the basic LED functions with workarounds for many different devices, support for LED and screen strobe, widgets, plugins system for additional functionality, accessibility, restricted accounts support. Then you have support for tablets, which is a whole different beast and 3rd party libraries like the Google Play services, which is used to show ads - another 300kb.

    Another argument that I saw by the company is that if you use Google Ads in your application you are giving indirectly your user's data to Google. Yes, this is always a possibility (if the developer is using permissions, which can access personal data), but don't you think there is an easier way for Google to get to your data? For example, when you activate you Google powered device with your Google account.
    Another thing that most users don't realize is that we, the popular developers, are under constant pressure from law authorities. We do realize that the users' privacy is something very important. My application has almost 250 million downloads and I'm not hiding behind some company name. I have my real name in Google Play and I live in a country, which is a part of the EU, where the privacy information laws are very strict. What do you think would happen if I decide to take my user's data and sell it to someone in a country like Russia, a state we are almost at war with? They will send me to a place where I won't be allowed to take my smartphone with me...

    At last, I'd like to mention that I've read other security reports by other companies before. The real reports don't try to sell you a product at the end.
     
  12. ~Spyne~

    ~Spyne~ Member

    Joined:
    Feb 8, 2007
    Messages:
    1,403
    And this was just the first of a few warning bells that went off when I watched the video in the OP
     
  13. Kafoopsy

    Kafoopsy Member

    Joined:
    Sep 19, 2002
    Messages:
    1,725
    Location:
    Right Here!
    OK, now it makes a lot more sense. I seem to have very simple expectations. I thought a torch app should just turn on the light and that's it. In fact, I'm surprised that any phone that has a light doesn't have a built in way of turning it on.

    One thing I noted that the article says that you can't squeeze a high quality app into less than several megabytes. I wonder about this. Programming seems to be rather bloated these days. I know nothing about it of course, but in the old days there were large complicated programs and they fit on a floppy disk! Is it just graphics that makes them big?
     
  14. balckjok3r

    balckjok3r (Banned or Deleted)

    Joined:
    Nov 26, 2004
    Messages:
    1,708
    Location:
    Merredin WA
    Don't know about a flashlight, I have one in my rom. :thumbup:

    But I have disabled pretty much all permissions in my facebook app using OpenPDriod. I haven't noticed anything change in my use for facebook since doing this so conclude tin foil hat. :wired:

    They are easily stealing all your info for whatever reason. I have the right to privacy, at least for now. Although time will only tell for how long this lasts, especially now our country is blindly following everything America tells us.
     
  15. Recharge

    Recharge Member

    Joined:
    Sep 5, 2001
    Messages:
    11,046
    Location:
    Brisbane
    of course, if you actually pay attention when installing apps, it tells you what the app wants access too, so if you're paying attention, you'd see that the app wants access to all this stuff, then you say "oh fuck no!" *delete*

    I use one called "torch" it has a yellow light bulb icon. it asks for no permissions what so ever. and access nothing, it just turns the LED on.
     
  16. Danske

    Danske Member

    Joined:
    Oct 27, 2004
    Messages:
    18,355
    Location:
    Melgoon
    Not all phones have built in torch app. Nexus 5 sure dosnt :(
     
  17. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    62,763
    Location:
    brisbane
    I know, but you know people who don't think just type in torch click install and then yes to everything that's stopping them from getting to the thing.
     
  18. Smokin Whale

    Smokin Whale Member

    Joined:
    Nov 29, 2006
    Messages:
    5,182
    Location:
    Pacific Ocean off SC
    Until someone throws a packet sniffer on their device and proves with cold hard evidence that a particular app is stealing personal information and sending it to some random server in russia, then I will automatically conclude that whatever claims about an app stealing data are total bullshit. Getting pretty sick and tired of mainstream media idiots putting fear into common idiots over something which is simply untrue.
     
  19. Danske

    Danske Member

    Joined:
    Oct 27, 2004
    Messages:
    18,355
    Location:
    Melgoon
    Actually I'd be keen to try this lol. Surely there's a wireshark for phones :p.
     
  20. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    150,152
    Location:
    Omicron Persei 8
    'Here take my damned money!' has now changed to 'here take my damned privacy!'

    You do need to be careful though.
     

Share This Page

Advertisement: