ProHoster > Blog > internet news > Assessing Permission Request Abuse in Flashlight Apps for Android

Assessing Permission Request Abuse in Flashlight Apps for Android

On the Avast Blog published the results of the study of the permissions requested by the applications presented in the Google Play catalog with the implementation of flashlights for the Android platform. In total, 937 flashlights were found in the catalog, of which seven contained elements of malicious or unwanted activity, and the rest can be considered “clean”. 408 apps requested 10 or less powers, and 262 apps required consent to grant 50 or more powers.

The 10 apps requested between 68 and 77 credentials, with four of them being downloaded over a million times, two about 500 times, and four about 100 times.

NapplicationNumber of powersNumber of downloads

1 Ultra Color Flashlight 77100,0002 Super Bright Flashlight 77100,0003 FlashlightPlus 761,000,0004 Brightest LED Flashlight - Multi LED & SOS Mode 76100,0005 Fun Flashlight SOS mode & Multi LED 76100,0006 Super Flashlight LED & Morse code 741,000,0007 Flash Light - Brightest Flash Light 711,000,0008 flashlight for samsung 70500,0009 Flashlight - Brightest LED Light & Call Flash681,000,00010 Free Flashlight - Brightest LED, Call Screen68500,000

When analyzing exactly what permissions are requested by applications with the declared functionality of a flashlight (not a flashlight as a companion function, but applications that mostly position themselves only as a flashlight), it was found that 77 applications request sound recording functions, 180 require reading data from the address book, 21 - write access to the address book, 180 - the ability to make calls, 131 - access to the exact location, 63 - answer calls, 92 - make calls, 82 - receive SMS, 24 - download data without notification.

282 programs require access to the Force Quit Background Processes feature (assumed to be used to terminate processes to reduce power consumption). At the same time, in fact, for the flashlight to work, you only need access to the camera's flash LED and, optionally, the ability to block the device from going into sleep mode.

Assessing Permission Request Abuse in Flashlight Apps for Android

As an example, a typical flashlight application is analyzed, in which only the flashlight function is declared and it is written that the application does not require additional permissions. In fact, the program asks for 61 permissions, including the ability to make calls, read the address book, determine location, use Bluetooth, manage network connection status, get a list of installed applications, read and write to external storage.

Source: opennet.ru

Add a comment