Flashlight app safety, or should I say danger, came to a light (pun intended) after SnoopWall released a threat assessment report on October 1st, 2014 that highlighted the excessive permissions required by the top 10 flashlight apps in Google Play. Snopes covers the aftermath in more detail, but the take away is that most flashlight apps downloaded by Android users are capable of a lot more than just providing illumination, and a company behind one of the apps settled with the FTC over a poor privacy policy.
It’s not necessarily the case that all of these apps were abusing their position, but if they’re asking for egregious permissions, how do you know which are trustworthy? In this situation the best offense is a good defense. Assume the worst, and stick to apps that require little to no additional permissions. In this video SnoopWall president Gary Miliefsky suggests people use “a privacy flashlight”, one that is under 100k (SnoopWall published an app named “Privacy Flashlight” around the time of the media attention, the latest version of which happens to be greater than 100k (by 38k), ironically.
An app that requires no special permissions is ideal, but the brightest flashlights typically require access to the camera in order to turn on the flash. That in and of itself isn’t bad, so long as the app doesn’t have a means of sending or storing photos/video (ie. sending data over the network or writing it to storage; storage could be a problem if a tandem app reads from storage and accesses the network).
Given this information I was curious to see whether the attention raised by SnoopWall had an impact on the flashlight landscape. The following charts represent apps listed on Google Play that have a self-described flashlight feature or function.
Clearly there is no shortage of such apps published over the years (*).
Unfortunately the number of apps seeking permissions that could be used to ex-filtrate your information is on an uptrend (*):
The percentage of flashlight apps not requesting network or storage access (ie. safe apps) is averaging ~17.5% (*).
[* this data has a survivorship bias]
It turns out that the ‘”less than 100k” advice is only a starting point. There are many apps much smaller than this limit that request unnecessary permissions.
So which are the top safe flashlight apps? Unfortunately the Google Play store does not make this information easy to find, but I’ve compiled a list of 20 Top Safe Flashlight Apps.