Flashlights are spying on you

babylonian

New member
Jun 24, 2006
1,001
25
0
[ame="http://www.youtube.com/watch?v=Q8xz8xKEFvU"]Cybersecurity Expert Gary Miliefsky - YouTube[/ame]

Thoughts?
 


I'm almost certain they don't have access to your credit card and bank account information...
 
There is loads of fear mongering in that vid, but still, why would a Flashlight App need all those permissions and be 12Mb?

What is packed in those 12Mb, when all it needs to be doing is switch light on / off?
 
Worst case scenario imo would be a foreign government is using these to spy on people by viewing what is stored on their phone and/or taking pictures and video with the phone.

I still see nothing that shows they have access to banking data or even your name. Not totally sure about this, but even if you have in app purchases, it doesn't look like they have your name or credit card or anything either, just your general location.
 
^^ Not that it has access to all that info, in basic terms it adds the mobile equivalent to a keylogger that runs in the background and gathers the info if you're logging into your bank on your phone. But it could be low level code monitoring traffic on the network card. Dunno, there was fear mongering, probably truth to malware running on phones with excess privileges granted unknowingly by users. If your app is running on someone's phone it can send info through sockets to wherever you want without a browser open or user being alerted. But pedos aren't gonna hack children's apps to know where kids are lmao.
 
Ah yeah, I didn't really consider malware or spyware. I think Google checks for these things, but it could be in the store for months before that happens. I think Apple is a little more proactive since they review apps before they are published, right?
 
Ah yeah, I didn't really consider malware or spyware. I think Google checks for these things, but it could be in the store for months before that happens. I think Apple is a little more proactive since they review apps before they are published, right?

Apps go live in an hour or less on Android so I don't think they do a manual review...

Apple takes ~8+ days to review.
 
The large file size is to help people find "the funk"

[ame="http://www.youtube.com/watch?v=6F7xbF7OnxU"]Parliament - Flashlight - YouTube[/ame]
 
Any app should make you suspicious at this point. If some 12 year old geek can get his stupid app in the marketplace, anyone can. And if I was a 12 year old geek who can program apps, I'd be creating some app to see girls boobs. That's just being honest.
 
No wonder with the amount of permissions each app required on Android platform.

table1.png
 
Well, a lot of this has to do with the way permissions are set up in Android, not necessarily spying.


There was a dev on reddit who actually explained a lot of these (also quite messy) things he HAS to have access for just for the thing to work.

  • take pictures and video (this is the CAMERA permission). Used to activate the camera flash.
  • control flashlight. I'm still supporting Android 1.5 and 1.6 and back in the old days on some devices (moto backflip) the camera flash was activated via a private API, which required this permission.
  • full network access - used for showing ads from Google's Admob
  • view network connections - again for Google's Admob. This permission allows the ads code to detect whether you are on wifi or data. If you are on data the ad requests will be reduced to save you bandwidth.
  • control vibration - some users want the device to vibrate, when they toggle the light
  • prevent the device from sleeping - very important permission for a flashlight app. In my app you can turn on the camera flash and then hit the power button of the device to turn off the screen. It's very handy, because you can hold your device like a real flashlight without hitting any buttons on the screen. Without this permission, the device will fall in "deep" sleep when you hit the power button and the light would turn off. Also, if you are using the screen light you don't want your device to turn off while you are doing something important.

Another set of confusion is that permissions need to be turned OFF b the dev instead of turning them ON... so an inexperienced dev will easily waltz in with a full set.

Source:
In defense of flashlight apps... : Android

::emp::
 
There is loads of fear mongering in that vid, but still, why would a Flashlight App need all those permissions and be 12Mb?

What is packed in those 12Mb, when all it needs to be doing is switch light on / off?


lol, which one is nearly even close to 12mb?

Who bothered to check on the Play store to see which apps requested those permissions? I just checked the first two that popped up on the Play store:

Super-Bright LED Flashlight
Permissions:
Camera/Microphone

Size: 4.69mb (too big? Maybe, I don't know)

Tiny Flashlight + LED

Permissions:
Camera/Microphone

Size: 1.08mb (too big? Probably)

And those are the two most popular ones on the Play store.

There are other ones that require a lot of permissions, but those two don't, So fuck that website.