Monolith149 Daily

Another place to see what KG is doing...

Fear the Flashlight?

Day 5

Should you fear your flashlight? There’s been a story going around about the security threat of flashlight apps on your phone. How seriously should you take this?

There’s nothing particularly dangerous about flashlight apps however there is a general danger to be cautious of when you install any apps on your phone. That’s the real lesson to take away here.

Image credit: by Blake Patterson CC BY 2.0.

Snopes reports there was one app developer in 2013 that settled a complaint with the Federal Trade Commission because the app was collecting information to use for ad targeting.

The Lesson

You give apps various permissions to access various types of data and devices on your phone when you install them. You have to give the permission—both iPhone and Android will ask you when you install a new app, or I believe the iPhone will sometimes ask when the app wants to do something, i.e., it wants to access your location data.

One problem is the access and questions tend to be an all-or-nothing type of question. If my weather radar app wants to report on my current location, it wants to access the GPS. An email app will want to access all of my contacts information.

One that really annoys me are apps that want to access all of the contacts information so they can “find my friends” on their service. I always refuse those.

If an app wants to do one little thing, the only choice is to ask for access to that whole part of your phone. You can see the problem. If they divided access rights up into little slices, like “access your current GPS location but not your past location history”, there’d be such a long list of permissions people would just ignore them.

But most of us just ignore them anyway. By now, most people just click “Oh okay” and carry on.

Here’s What I Do

  • I only get apps from the app store! (The App Store for the iPhone and the Google play store for Android).

  • I try to get some indication of how reputable the app developer is. Have 10,000 downloaded it or just 20? Are the reviews good? Have I heard of the developer or company before? (Usually not). Do they have other apps in the store or just this one? Does their description and web site look professional or like a school project?

  • When apps ask for permission, if there’s a choice, i.e., the app can be used with or without it, I try to understand why it wants that permission before I grant it. If it wants access to my contact list I never grant it because it’s not my business to give away your name, phone number and email address. I usually will grant GPS access. Camera or microphone access had better have something to do with what that the app is for.

The Apple App Store has strict policies about what apps they accept and there is a review process that each app goes through. The Google play store is also supposed to be constantly checking their apps though they are reputedly not as strict on admitting apps, but presumably check them for security concerns.

If enough people have downloaded and use an app, then it’s more likely that any mischief has been discovered and reported.

The Important Caveat

However, none of these steps are guarantees that you won’t get malware on your phone. There are clever attackers who can get past all of the above checks, at least for a while before they are discovered. For that reason I don’t use any critically important apps on my phone like banking, etc. I just don’t use a phone for those. And I’m very cautious about what I log into from my phone even using the web. I favor using LTE instead of an unknown, public wifi service.

Fortunately most apps now use HTTPS, SSL for secure connections.

I also just don’t install many apps. I mean I just don’t install willy nilly every app I see, hear about or someone recommends. It has to be something I have an interest in or an actual use for.

Balance

In the end you’re trying to strike a balance between convenience, features, and function vs. security. We could replace our front door with a three-inch steel door and drag concrete Jersey barriers in front of the house, but that would be too much security for too much lost convenience. Probably.

Final P.S.

The iPhone has it’s own built-in flashlight since IOS 7 (drag up from the bottom of the screen) so you can uninstall one if you have it.

Flash and Grab at snopes.com