Recently a major news outlet brought on a “security expert” to
scare monger inform users about a potential privacy issue with their apps. The security company evaluated the top 10 apps on the Google Play Store (Android app store for you iOS users). They determined that because the apps required too many permission they were, in fact, malware.
Let’s back up for a hot second.
This whole thing started when makers of the “Brightest Flashlight” app was busted for quietly collecting user data and selling it to advertisers. You can read about it on the FTC website. Soon a security company decided to evaluate the top 10 flashlight apps on the Google Play Store and called them all malware.
So before we start with the debunking, let’s define malware.
“Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.” Source: Techterms, Aug. 2013.
The top 10 flashlight applications on the Google Play Store were dubbed “malware” because they did one or more of the following:
Used GPS location
Accessed photos or videosTest access to protected storage
View Wi-Fi connections
Receive data from the internet
Full network access
Read Google service configuration
Control flashlight (duh)
Take pictures and video
You’re probably thinking, “Why the Dickens does a flashlight needs all these permissions?” Who knows? But that doesn’t necessarily make it malware. Malware typically sends your data to a third-party, locks down for device for a ransom, or other nefarious activities. None of these applications were found to do any of these things. Additionally, lots of applications ask for WAY too many permissions. But there is something you can do about it. 1. Read what permissions the app requires before downloading. 2. Disable permissions that you don’t want that application to access.
Furthermore, you should modify permissions by each application on your phone to be super-safe.
I agree that a flashlight doesn’t need access to my photos / video or GPS. But until it starts siphoning off your data and selling it off, it’s a tough stretch to call it malware for doing what most applications do anyways.