Beware of these 10 apps on Google Play, they are seeking more than 68 permissions

In its latest security report, Avast has found that close to a 1,000 flashlight apps on the Google Play Store request an average of 25 permissions. Of the 937 apps in total, 262 apps requested for the number of permissions ranging from 50 to 77. 267 of the apps requested 11 to 49 permissions while most of them (408 to be precise), requested 10 permissions or less.

Of the 937 apps, the top 10 apps requesting the most permissions had been downloaded at least 100,000 times with some ranging as high as 1,000,000 downloads. All 10 of these apps requested at least 68 permissions. This was an odd behaviour since a flashlight application only needs access to the phone’s flash. This means that several of these flashlight apps were requesting access to more permissions than they actually need.

Applications request for permissions to offer services that depend on a feature of the phone or the phone’s data services. Since apps like flashlight don’t need more than one permission which is the phone’s flashlight, it meant that app developers willingly or unwillingly are requesting permissions to exploit a user’s personal data.

The fact that around 77 of these apps requested to record audio or that 180 of these requested for access to contacts is questionable. The accessed data can not just be accessed by the app developers but also the ad partners who work with the developers, who will be able to exploit the personal data for monetary gains.

Avast Security Evangelist, Luis Corrons explains saying “The flashlight apps we looked into are just an example of how even the simplest apps can access personal data, and it’s often not just the app developers that gain access to data when users download an app, but the ad partners they work with to monetize. Developer privacy policies are unfortunately not inclusive, as in many cases, further privacy policies from third-parties are linked within them”.

The probability of flagging apps requesting for too many permissions as malicious or potentially unwanted is less since users are the ones who give away these permissions by tapping ‘yes’. While apps can request as many permissions as they want, not all of them could be carrying out malicious activities.

Most of the times, app developers integrate ad SDKs into their app’s codes to earn revenue through ads. To enable targeting users with specific ads, the SDKs are designed to request for more permissions than the app really needs. It’s thus necessary that users choose the permissions that they give to a certain app when installing one even from the Play Store. If you wish to know more about app permissions and why you should care, we’ve detailed it in a previous report.