Many perspectives, 1 simple etiquette

How Your Phone's Flashlight App is Stealing Your Data

Created: 01 October, 2014
Updated: 15 October, 2022
2 min read

Many people have a flashlight app on their smartphone. It's a useful tool when the power goes out or when a user is looking for something in a poorly lit environment. However, what most people likely don't realize is these apps are geo-locating the user and stealing their data.

In an interview with independent investigative journalist Ben Swann, Gary Miliefsky, CEO of SnoopWall LLC, the world's first "counterveillance" company, said his group discovered that the top 10 Android flashlight apps are doing more than just helping you see in the dark.

"They are stealing your contacts, they're connecting through backdoor or covert channels to other countries, and this is really crimeware, it's malware, it's cyber spyware."

These apps have up to half-a-billion installs worldwide -- that is a lot of data to steal. However, anyone who downloads one of these apps is likely oblivious to the fact that even though the app is free, it takes more from the user than the user gets from the app.

Read the full SnoopWall Flashlight Apps Threat Assessment Report here

According to SnoopWall, Super-Bright LED Flashlight, the number one downloaded flashlight app worldwide, can do all of the following:

  • retrieve running apps
  • modify or delete the contents of your USB storage
  • test access to protected storage
  • take pictures and videos
  • view Wi-Fi connections
  • ready phone status and identity
  • receive data from Internet
  • control flashlight
  • change system display settings
  • modify system settings
  • prevent device from sleeping
  • view network connections
  • full network access
All this from an app that is supposedly designed to give a user extra light when he or she needs it. The primary reason these apps were developed was not to give people a free, handy tool, but to retrieve information from consumers.

Some of the companies that make these apps, like GoldenShores Technologies, LLC, the creator of Brightest Flashlight Free, have already been sued by the Federal Trade Commission (FTC) for privacy breaches. GoldenShores settled with the FTC, but the app is still available to download. While it used to be the number one flashlight app on Google Play, it is now number two.

Here is the thing, nothing has actually changed with the Brightest Flashlight Free app. It still collects all the data it collected before, except now when a person installs it they get what Miliefsky calls "a very longwinded privacy policy that now complies with the FTC settlement."

"That longwinded privacy policy pretty much says ... we're going to keep stealing all of your information or you can't run our app," he explained.

How many people read privacy notices or the entire terms-of-service agreement for any application or software they download? Very few people. So, the app continues to be downloaded and used without people realizing that it is taking their personal data.

SnoopWall's report warns that anyone who uses their phone for mobile banking is at risk of having their banking information stolen and strongly recommends people uninstall these apps immediately.

Photo Credit: dolphfyn / Shutterstock.com