Be careful with smartphone flashlights

Millions of users may have their personal information, bank account information, etc. secretly collected by a flashlight app on their smartphones to sell on the "black market".

That is the warning of the cybersecurity company SnoopWall - a cybersecurity consultant for the US Government. SnoopWall believes that flashlight applications on smartphones are not free and harmless as many people mistakenly believe. They may be being exploited by cybercriminals as a tool to secretly profit from users' subjectivity.

Brightest Flashlight Free App

Stealing bank accounts

The Brightest Flashlight Free application has reached the milestone of more than 50 million downloads, showing the popularity of this software. However, in terms of usage, in addition to the requirements of Super-Bright LED Flashlight, this application also "asks for permission" to use files on the device such as: images, videos, sounds and even external memory - which seems not very related to the flashlight function.

“Smartphone and tablet users are faced with apps installed on their devices performing more roles than the services they provide,” said Gary Miliefsky, head of SnoopWall.

According to Miliefsky, the flashlight apps they found tracking users are all quite famous names today such as: Super-Bright LED Flashlight, Brightest Flashlight Free and Tiny Flashlight + LED.

These apps have settings that are not very relevant to their functionality, such as: customize or remove USB storage contents, get the user's exact location, keyboard shortcuts, view all network connections, view messages...

And users often easily ignore it because of the subjective thought "they are just flashlights".

Miliefsky believes that the above applications can be developed or modified by cybercriminals to collect user data and sell it to market research companies and advertising companies to determine shopping habits.

They can even steal bank account information if they have access to it. This is considered a very attractive item on the "black market" today.

To add more information, we tried to find out about the above applications in the CH Play online application store of the Android operating system. The result is that the Super-Bright LED Flashlight application (now with the word HD added behind) has more than 1 million downloads.

If you want to install this app, you have to let the app see device activities, running apps, web browser history and bookmarks, let the app use the camera and microphone, see information about WiFi connections, Bluetooth, the owner's phone number and connected phone numbers.

Use default flashlight

Most smartphones from popular phone brands on the Vietnamese market today have a built-in flashlight function. However, manufacturers all commit that their flashlights only function properly and do not “cross the line” like the applications announced by SnoopWall.

Mr. Mark Chu, product director of Asus's phone and tablet products, affirmed: "The flash application in the ZenUI interface pre-installed on Asus products running the Android operating system is a safe application, with no function to collect information from users."

“The flashlight app is pre-installed as a standard feature in all Lenovo Android smartphones developed by Lenovo itself,” said a Lenovo representative.

This application does not track or collect any user information. Lenovo has a strict policy of not collecting personal information without user consent.

Third-party applications will not be installed on our smartphones unless they are tested and meet our criteria.”

LG representative also committed: "LG develops the flash feature itself, does not use third-party applications and of course does not collect or track users"...

Be careful before downloading the application

For current Android users, installing third-party applications from the CH Play store is a normal thing. However, each application usually comes with required terms that users often ignore. Security experts are very concerned because user information can be stolen at any time.

“A malicious app masquerading as a well-known app is nothing new. We have seen other malware do this, like a backdoor masquerading as a flashlight app,” Victor Chebyshev, senior security expert at Kaspersky Lab, told us. In other words, cybercriminals often spread mobile malware using social engineering techniques.

To avoid being infected with malicious mobile apps, we recommend that users only use reputable app stores and protect themselves with an effective anti-malware solution.”

Sony representative said that users should carefully check the application access permission notification (for example, access to phone contacts, email, social networks, internal memory...) before deciding to install the application on the device.

If in doubt, users should carefully research the information about this application before installing it. For example, a flashlight application that requests access to contacts is suspicious.

According to cafebiz.vn