I've been taking a closer look at my mobile apps lately, specifically the permissions they request when downloading and installing them. It has been quite an eye opener. It turns out that mobile apps are invading our privacy. It's as simple as this: any app that can read your contacts and access the Internet can slurp your data and send it off to some random server to be stored and/or used in a nefarious way.
The finding that surprised me the most was the audacity of my little old flashlight app. I was using "Tiny Flashlight + LED", which is allowed to read your phone identity and have full Internet access. A flashlight app that needs Internet access is nonsensical to me. I switched to use OI Flashlight, which requires only the permissions of camera control and preventing the device from sleeping. I discovered during my research that most flashlight apps want Internet access. The top 4 flashlight apps that appear when searching for "flashlight" on Google Play are:
- full Internet access
- your location (both coarse and fine)
- modify your SD card contents
- read your phone identity