I was recently made aware of an email that’s going around warning people that their free flashlight app is stealing their personal data (banking information, photos, videos, etc) and sending it to cybercriminals in India, China, and Russia. I found this information hard to believe, so I did a bit of research.
First I looked at a video of the news report that apparently started this whole thing. It involved someone from a cyber security company being interviewed. What immediately jumped out at me, although he did not make it clear, was the fact that the apps being discussed were primarily those available for download for Android phones. As far as I can tell, the built-in flashlight in your iPhone seems to be safe. Android apps might prove to be more susceptible to exploitation because apps for Android phones, unlike apps for iPhones, can be obtained from multiple sources. Apple tightly controls which apps can be installed on the devices they manufacture. If an Android user wants to install an app obtained outside of the Play Store, all he or she has to do is change a security setting allowing this activity. No such setting exists on the iPhone. He also didn’t mention that any app, not just free flashlight apps, could be used in such a manner.
All apps can request permission to certain parts of your phone (photos, address book, etc). A lot of apps request access when it makes no sense. For example, it makes sense that a wifi phone app would ask for access to your contacts. Why would a flashlight app need such access? That being said, just because the access is requested doesn’t mean it’s being used for some criminal purpose. As pointed out by the writer of a Snopes article on the subject (www.snopes.com/computer/internet/flashlight.asp), if you’re using a free app it is entirely possible that information about you is being collected and sold for marketing purposes.
Before you think that iPhone apps are immune to such use, you need to make sure you pay attention to what permissions are being given to those apps as well. The iPhone maintains this information in the Privacy area of its settings. There you can deny or grant access to various information stored on your phone.
This is a good place to remind you to turn off location services for your camera if it’s on. Such access allows “the bad guys” to figure out where each of your pictures was taken. If you post pictures on Facebook, such information can allow criminals to know when you’re on vacation, where you go to school, where your kids go to school, etc. Programs exist that allow anyone to figure out your daily routine by using the pictures you post.
No matter what type of phone you have, you need to pay attention to the access being granted to any apps you install, free or otherwise. As such, it’s best to have the smallest number of apps installed. In this case, less is more … more secure, that is.