Flashlight Apps Spy on Users – Investigation Pending!
Flashlight Apps Spy on Users – Investigation Pending!
Summary of eRumor:Reports allege that popular flashlight apps function as malware and spy on users to collect personal information that is sold to third parties without advance notice.
The Truth:A Federal Trade Commission (FTC) complaint against the developer of a popular flashlight app has raised security concerns, but the full extent of vulnerabilities with other flashlight apps hasn't been verified by the TruthorFiciton.com team.
A report released by the cyber security and software firm Snoopwall in October 2014 brought alleged security and privacy issues with flashlight apps to the forefront. The report cited widespread privacy and security issues with the top 10 free flashlight apps on the market, but those claims remain unconfirmed.
In its report, Snoopwall encouraged users to download its own flashlight app, the SnoopWall Privacy Flashlight. That prompted the TruthOrFiction.com team to contact the company for information about specific threats posed by the other free flashlight apps, as well as information on how the report ensured market competition was fairly evaluated.Future updates will be posted here.
But at least one of Snoopwall's claims is true. The FTC filed a complaint against the developer of a Google Android app called the Brightest Flashlight in 2013. The app’s developer, GoldenShores Technologies, was accused of failing to disclose that users’ personal information was collected and distributed to third parties like advertising networks. The company settled the complaint in December 2013 and agreed to disclose how, when and why geo-location information was collected, and how consumer information would be used going forward.
“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” FTC Director Jessica Rich said. “But this flashlight app left them in the dark about how their information was going to be used.”
Regulatory agencies haven't, however, made any issues with other mobile flashlight developers public.
A real example of the eRumor as it has appeared on the Internet:
NASHUA, N.H., Oct. 2, 2014 /PRNewswire/ — SnoopWall (www.snoopwall.com), the world’s first counterveillance security software company, has issued a consumer protection advisory that consumers should delete their flashlight apps immediately. According to SnoopWall’s cybersecurity experts, all flashlight app users are being spied on and warn that flashlight apps should be considered well designed “malware”. A heightened warning was issued for users with mobile banking apps co-installed on their smartphones, tablets or laptops.
“The top 10 free flashlight apps in the Google Play store alone account for nearly 1/2 billion installations alone, and that does not include the Microsoft Windows Phone and Apple iTunes apps,” said Gary Miliefsky, CEO of SnoopWall, an IT security and counterveillance expert. “The cyber threat from flashlight apps is epic,” he warns.
SnoopWall cybersecurity reviewers revealed that the top 10 flashlight apps geolocate users, read contacts lists, read device storage looking for personal, sensitive pictures and videos, read and write files, check to see what apps are running, look for ways to communicate over the internet (wifi or cellular), get users phone number and much more. All the flashlight applications reviewed revealed easy exposure of a user’s personal information to potential cybercriminals or other nation states such as India, China and Russia.
SnoopWall cyber experts report that these flashlight application sizes were unusually large, ranging from of 1.2 to 5 megabytes, which would support the malicious app behavior revealed. According to Miliefsky, “an optimized flashlight application should only be 72k which is 10-50 times smaller than the smallest one of these apps. The size is significant because there is more code than necessary embedded in these applications which allow them to eavesdrop on you. ”
For a full copy of SnoopWall’s “Flashlight Apps Threat Report”, visit http://www.snoopwall.com/threat-reports-10-01-2014/
“Why does Brightest Flashlight need to Geolocate you? It doesn’t,” Miliefsky stated. “If users are performing Mobile Banking on the same device as one of these free Flashlight Apps, they are at an even higher risk of a severe data breach.”
About Gary Miliefsky
Counterveillance expert and founding member of the U.S. Department of Homeland Security, Gary Miliefsky, is the Founder of SnoopWall and the sole inventor of the company’s technologies. He has successfully advised two White House administrations on cyber security, filed more than a dozen patents of his network security inventions, and licensed technology to major public companies, including IBM, BlackBox Corp. and Computer Associates International. He also founded NetClarity, Inc., an internal intrusion defense company, based on a patented technology he invented. He also advised the National Infrastructure Advisory Council (NIAC) at the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace. Miliefsky serves on MITRE’s advisory board and its CVE Program (http://CVE.mitre.org) and is a founding Board member of the National Information Security Group (www.NAISG.org). He is a member ofISC2.org, CISSP® and Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. The former Editor of Cyber Defense Magazine, Miliefsky is a prolific author, a frequent presenter and subject matter expert on topics related to digital privacy, counterveillance and cybersecurity for corporations and the news media.
SnoopWall is the world’s first counterveillance software company focused on helping consumers and enterprises protect their privacy on all of their computing devices including smartphones, tablets, and laptops. SnoopWall augments endpoint security (antivirus, firewall, intrusion prevention) through patent-pending technology that detects and blocks all remote control, eavesdropping and spying, thereby preventing data leakage while increasing device battery life/performance. SnoopWall’s technology suite includes Privacy App™ and Privacy Shield™. SnoopWall’s software is proudly made in the U.S.A. and is part of the growing suite of next generation security products being delivered by SnoopWall and their OEM partners. Visitsnoopwall.com and follow us on Twitter: @SnoopWallSecure.