Luis Corrons points out that, in fact, a flashlight application needs very few things to work and that makes the demands even stranger. Nearly half of flashlight applications only ask for about 10 permissions, but from the list identified by the Avast researcher, 262 want access to more than 50 smartphone functions. And Ultra Color Flashlight and Super Bright Flashlight are the record holders, asking for access to 77 functions.
In an Avast blog post, the researcher recalls that some of the requested permissions, such as KILL_BACKGROUND_PROCESSES, are very powerful and can be used for more malicious intentions, such as turning off security applications that filter traffic or malware access. But they can also be used to reduce battery consumption and make the app run longer.
In some cases the request for access to smartphone permissions may be made to share data with other partners who will use the information to sell, especially usage data and contacts.
Luis Corrons points out that checking apps permissions before installing them is a recommended measure. And if users are not comfortable with the requirements they should not install the apps.
Privacy policies that give insight into how data will be used but which most users do not read, or become almost useless because they are unclear and refer to documents from other partners, should also be checked. its very difficult and complex assessment.
"There is a big gray zone for apps like these, so we don't all mark them as malicious. Although they ask for an absurd number of permissions, they don't take malicious actions and are asking users for permission," he says. Still, Luis Corrons says that does not mean that they are totally innocent or that other partners are not collecting data.