When we install an application, unfortunately we do not review the permissions requested on our mobile. This is also partly the fault of Google, since it does not show us the permissions when we install it, but we must go to look for them manually at the bottom. If you did as with the APK, which shows them when you open it, it would not happen what is happening with the flashlight apps.
Apps that requested up to 77 permissions just to turn on the flashlight
Most Android phones in recent years have the flashlight function in the notification bar, so that, by pressing a simple button, the flashlight comes on. However, millions of users continue to download the applications to turn on the flashlight even though their mobile phone already includes the native function, and this exposes your mobile phone to danger.
An Avast security researcher named Luis Corrons analyzed all the flashlight applications in the Play Store. In total, he found 937, of which there were 7 that were directly malicious apps. The rest asked for a large number of permissions, with an average of 25, and two asked for up to 77. The list of the 10 apps that asked for the most is the following:
Ultra Color Flashlight, 77 permissions, 100,000 downloads
Super Bright Flashlight, 77 permissions, 100,000 downloads
Flashlight Plus, 76 permissions, 1,000,000 downloads
Brightest LED Flashlight – Multi LED & SOS Mode, 76 permissions, 100,000 downloads
Fun Flashlight SOS mode & Multi LED, 76 permissions, 100,000 downloads
Super Flashlight LED & Morse code, 74 permissions, 1,000,000 downloads
FlashLight – Brightest Flash Light, 71 permissions, 1,000,000 downloads
Flashlight for Samsung, 70 permissions, 500,000 downloads
Flashlight – Brightest LED Light & Call Flash, 68 permissions, 1,000,000 downloads
Free Flashlight – Brightest LED, Call Screen, 68 permissions, 500,000 downloads
Some apps could record calls and activate the microphone
Among the permissions they requested were some really worrisome, such as access to calls, the possibility of recording audio (requested by 77 apps), read the contact list (requested by 180 apps), or even create new contacts, as requested by 21 apps 24 of them asked permission to download content without informing the user, and 8 of them could even record calls if they wanted.
This series of permissions shows one of the most used techniques by malware creators. Normally, they first launch an app that seems innocent, but then in the future they turn it into something much more dangerous by taking advantage of these permissions that are already granted. The CamScanner case is one of the most serious in recent years of an app that operates normally and suddenly begins to have malicious activity.