Top 10 flashlight apps are ALL malware (china,russia,india)

[David Howard]

They say the top-10 flashlight apps are *all* malware!
http://www.snoopwall.com/threat-reports-10-01-2014/

Some require factory resets to clear it out.
http://www.foxnews.com/on-air/special-report-bret-baier/blog/2014/10/01/cybersecurity-threat-could-be-lurking-your-phone

iOS 7/8 does slightly better than Android but all are affected.
http://www.snoopwall.com/flashlight-apps-spying-revealed/

[Tom Wilson]

David Howard wrote, on Sat, 18 Oct 2014 03:55:55 +0000:

> They say the top-10 flashlight apps are *all* malware!

These are the top ten that they say are malware:
1. Super-Bright LED Flashlight
2. Brightest Flashlight Free
3. Tiny Flashlight + LED
4. Flashlight
5. Flashlight
6. Brightest LED Flashlight
7. Color Flashlight
8. High Powered Flashlight
9. Flashlight HD LED
10. Flashlight: LED Torch Light

These are the ones that I used:
a. TeslaLED (748KB)
b. HoloBulb (852KB)

They recommended their own flashlight app:
c. Privacy Flashlight (80KB)

But, I downloaded their flashlight and it has one major
flaw, which is that it shuts off when the screen times out.

[Tom Wilson]

Tom Wilson wrote, on Sat, 18 Oct 2014 04:57:08 +0000:

> These are the top ten that they say are malware:

And, these are their privacy suggestions (some of which I doubt):

1. Disable your GPS at all time except in an emergency or when you need
to use your smartphone for navigation purposes;
2. Disable your NFC (Near Field Communications) or on Apple devices,
iBeacon, permanently (http://support.apple.com/kb/HT6048);
3. Disable Bluetooth at all times except when you are in your car,
driving, if you want to have hands-free calls, if supported by your car;
4. Verify Apps behavior and privacy risk BEFORE installing – do some
research and ask the questions “why does this app need GPS, MICROPHONE,
WEBCAM, CONTACTS, etc.?” – most apps don’t need these ports unless they
want to invade your privacy. Find an alternative before installing risky
Apps;
5. Either put masking tape over your webcam and microphone when not in
use or pull the battery out of your smartphone when you are not using it.

Obviously for #1, there’s no need for geolocating you, unless you don’t
mind being spied upon by these malicious flashlight apps – or worse –
your children’s location being monitored by online predators. Best to
keep this hardware port disabled until you really need it.

For #2, you’re probably wondering “what the heck is NFC and why should I
care?”. We’ll it’s a new protocol for ‘bumping’ or getting close to other
devices, within 3 meters or so, to exchange information such as photos
and contacts. Is it secure? No. Can it be hacked just like Bluetooth?
Yes. Go into your device settings, find NFC, if you see it, disable it.

Ok, for #3, you’re thinking ‘that makes sense’ – Bluetooth is an easily
hacked protocol and folks can eavesdrop on communications over Bluetooth;
broadcast into your earpiece (yes, it’s been done); access your contacts
list and hack your smartphone device over Bluetooth. So, if you disable
this protocol everywhere except when you are in the car, wanting a hands
free experience for making and receiving calls, you should be much more
secure.

For #4, how many times do you install an app with excitement about
promised features and functions, only to find that it requires incredible
privacy risk? If it’s too good to be true it probably is and nothing in
this world is free. There are 9 major advertisement networks and some
deploy spyware. Free apps use these networks to monetize their businesses
and some are developed by professional cyber criminals, enemy nation
states for spying or by hackers for malicious reasons.

[Your Name]

In article <m1srv4$aq6$1...@solani.org>, Tom Wilson <TomW...@is.invalid>
wrote:

> David Howard wrote, on Sat, 18 Oct 2014 03:55:55 +0000:
> >
> > They say the top-10 flashlight apps are *all* malware!
>
> These are the top ten that they say are malware:
> 1. Super-Bright LED Flashlight
> 2. Brightest Flashlight Free
> 3. Tiny Flashlight + LED
> 4. Flashlight
> 5. Flashlight
> 6. Brightest LED Flashlight
> 7. Color Flashlight
> 8. High Powered Flashlight
> 9. Flashlight HD LED
> 10. Flashlight: LED Torch Light
>
> These are the ones that I used:
> a. TeslaLED (748KB)
> b. HoloBulb (852KB)
>
> They recommended their own flashlight app:
> c. Privacy Flashlight (80KB)

Gee, "all other flashlight apps are crap, download our app" ... what a
non-surprise that is. :-\

> But, I downloaded their flashlight and it has one major
> flaw, which is that it shuts off when the screen times out.

The "flaw" is if you believe their misleading advertising spam rubbish
designed to get you to download their app (which I wouldn't be at all
surprise is the only one that actually is malware, on Android anyway).
:-)

[David Howard]

On Sat, 18 Oct 2014 03:55:55 +0000, David Howard wrote:

> iOS 7/8 does slightly better than Android but all are affected.

Actually, after reading all I could on this, the Apple products
are MUCH safer than the Android products, it seems.

http://www.snoopwall.com/threat-reports-10-01-2014/
What about Apple iPhone flashlight apps?

The flashlight app pre-installed on the Apple iPhone appears to be safe.

However in the iTunes store 3rd party flashlight apps access various
hardware ports. The ports they access while they are running includes
Webcam, Location Services, using your GPS and other coarse location based
internet. In addition, they use your internet connection.

The good news is that apps like this cannot hide in the background.

The bad news is when you run downloaded Flashlight Apps, they are still
building up a profile on users

[he...@att.net]

In article <m1socb$hu6$1...@news.albasani.net>, David Howard

Why are you posting this to an iPad and iPhone newsgroups when the
posted links all refer only to Android devices?

[David Howard]

On Sat, 18 Oct 2014 18:05:34 +1300, Your Name wrote:

> Gee, "all other flashlight apps are crap, download our app" ... what a
> non-surprise that is. :-\

I read their report, and I read the reviews of their app, and
I agree they are both hyping too much, and providing too little.

The part they're hyping too much is that just because an app
*can* spy on you, doesn't mean it *is* spying on you.

The part they under deliver is that the reviews of their flashlight
app are dismal.

The good news is that iOS is safe with the default app, but apparently
*not* safe with the App Store apps (according to them).

[Your Name]

Because he's just a moron spam-advertising his own crappy app. :-\

[Jolly Roger]

On 2014-10-18, David Howard <dsho...@microsoft.com> wrote:
> They say the top-10 flashlight apps are *all* malware!
> http://www.snoopwall.com/threat-reports-10-01-2014/

From the article:

"The flashlight app pre-installed on the Apple iPhone appears to be
safe."

So much ado about absolutely nothing.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[Jolly Roger]

On 2014-10-18, David Howard <dsho...@microsoft.com> wrote:

> On Sat, 18 Oct 2014 18:05:34 +1300, Your Name wrote:
>
>> Gee, "all other flashlight apps are crap, download our app" ... what a
>> non-surprise that is. :-\
>
> I read their report, and I read the reviews of their app, and
> I agree they are both hyping too much, and providing too little.

So you just *had* to post it to the world...

> The good news is that iOS is safe with the default app, but apparently
> *not* safe with the App Store apps (according to them).

Safer than the others:

"Apple iOS flashlights [are] more restricted in their spying
capabilities due to the hardened OS features of Apple iOS 7 & 8"

And the built-in flashlight is perfect; so there's little need for
third-party flashlight apps to begin with in iOS.

So much ado about nothing.

[Jolly Roger]

On 2014-10-18, David Howard <dsho...@microsoft.com> wrote:

> On Sat, 18 Oct 2014 03:55:55 +0000, David Howard wrote:
>
>> iOS 7/8 does slightly better than Android but all are affected.
>
> Actually, after reading all I could on this, the Apple products
> are MUCH safer than the Android products, it seems.
>
> http://www.snoopwall.com/threat-reports-10-01-2014/
> What about Apple iPhone flashlight apps?
>
> The flashlight app pre-installed on the Apple iPhone appears to be safe.
>
> However in the iTunes store 3rd party flashlight apps access various
> hardware ports. The ports they access while they are running includes
> Webcam, Location Services, using your GPS and other coarse location based
> internet. In addition, they use your internet connection.
>
> The good news is that apps like this cannot hide in the background.

The other good news is that those applications *cannot* access the
camera, location services, or GPS without the user's expressed
permission on each feature, with an automatic dialog box displayd the
first time the app attempts to access those features. The user is in
full, granular control at all times in iOS.

> The bad news is when you run downloaded Flashlight Apps, they are still
> building up a profile on users

Only if the user lets them.

[David Howard]

On Fri, 17 Oct 2014 22:12:43 -0700, henry wrote:

> Why are you posting this to an iPad and iPhone newsgroups when the
> posted links all refer only to Android devices?

You didn't read the original post nor the reference link.

Both also refer to iOS devices, and, specifically, they purposefully
*contrast* the iOS devices with the Android devices.

[s|b]

On 18 Oct 2014 14:45:16 GMT, Jolly Roger wrote:

> From the article:
>
> "The flashlight app pre-installed on the Apple iPhone appears to be
> safe."
>
> So much ado about absolutely nothing.

The Samsung Galaxy S4 Mini (GT-I9195) comes with a pre-installed
flashlight as well, so I'm not worrying...

--
s|b

[Jolly Roger]

They didn't say other built-in flashlight apps were safe. Good luck with
that.

[Rod Speed]

David Howard <dsho...@microsoft.com> wrote

That is complete and utter drivel with the built in iOS flashlight.

[Rod Speed]

Tom Wilson <TomW...@is.invalid> wrote
> Tom Wilson wrote,

>> These are the top ten that they say are malware:

> And, these are their privacy suggestions (some of which I doubt):

I doubt them all when running a decently secure OS like iOS.

> 1. Disable your GPS at all time except in an emergency or when
> you need to use your smartphone for navigation purposes;

No thanks, I'm not going to fart around turning it on and off all the time.

> 2. Disable your NFC (Near Field Communications) or on Apple devices,
> iBeacon, permanently (http://support.apple.com/kb/HT6048);

No thanks, I'm going to be using it for Apple Pay as soon as it works here.

> 3. Disable Bluetooth at all times except when you are in your car,
> driving, if you want to have hands-free calls, if supported by your car;

No thanks, I use it for my bluetooth headset that I used when out walking
for exercise when playing podcasts from our national radio broadcaster.

> 4. Verify Apps behavior and privacy risk BEFORE installing – do some
> research and ask the questions “why does this app need GPS, MICROPHONE,
> WEBCAM, CONTACTS, etc.?” – most apps don’t need these ports unless they
> want to invade your privacy. Find an alternative before installing risky
> Apps;

No point in farting around like that with iOS, just check
what they ask for permission to use and flush them if
there is no good reason why they need that permission.

> 5. Either put masking tape over your webcam and microphone when not in use

There is no point in farting around like that with iOS.

> or pull the battery out of your smartphone when you are not using it.

Not even possible with iThings.

> Obviously for #1, there’s no need for geolocating you, unless you
> don’t mind being spied upon by these malicious flashlight apps

Can't happen when you use the built in iOS flashlight that Apple
had enough of a clue to include and did well enough so that I don’t
find that I need anything else given its so easy to turn on as required.

> – or worse – your children’s location being monitored by online predators.

Not even possible with iOS.

> Best to keep this hardware port disabled until you really need it.

Mindlessly silly given that I really need it so often, multiple times
a week, mostly for logging what walking for exercise I have done
and for the occasional navigation to a specific garage/yard sale
site which has included the street number in the ad or with one
of the more obscure streets that I am not completely sure of the
location of.

> For #2, you’re probably wondering “what the heck is NFC

Nope.

> and why should I care?”. We’ll it’s a new protocol for ‘bumping’
> or getting close to other devices, within 3 meters or so, to
> exchange information such as photos and contacts.

But also for Apple Pay now or soon anyway.

> Is it secure?

I don’t care. Its secure enough for me.

> No. Can it be hacked just like Bluetooth? Yes. Go into
> your device settings, find NFC, if you see it, disable it.

No thanks, its quite handy at times and will be much more
handy in the future once Apple Pay is available here.

> Ok, for #3, you’re thinking ‘that makes sense’

Wrong, it makes no sense at all.

> – Bluetooth is an easily hacked protocol

I don’t care. What I listen to using it is available to anyone
who wants to listen to it themselves and I couldn’t give a
flying red fuck if anyone knows what I choose to listen to
from our national govt radio broadcaster.

> and folks can eavesdrop on communications over Bluetooth;
> broadcast into your earpiece (yes, it’s been done);

I don’t care.

> access your contacts list

Not with iOS they can't.

> and hack your smartphone device over Bluetooth.

Not with iOS they can't.

> So, if you disable this protocol everywhere except when you
> are in the car, wanting a hands free experience for making
> and receiving calls, you should be much more secure.

Wrong with iOS.

> For #4, how many times do you install an app with
> excitement about promised features and functions,
> only to find that it requires incredible privacy risk?

Never. I do choose to use some apps that do allow
me to keep my contacts in synch between my various
devices, and couldn’t care less if they snoop on that.

> If it’s too good to be true it probably is

Bullshit, most obviously with google that is very
useful indeed. I couldn’t care less if they know what
shops I have asked it what hours they keep etc.

> and nothing in this world is free.

Mindlessly silly.

> There are 9 major advertisement
> networks and some deploy spyware.

I couldn’t care less what they spy on.

If I do plan to murder someone I will make sure that
I can't be spied on when planning that or doing that.

> Free apps use these networks to monetize their businesses

I don’t care. I find what google provides very useful
and that it does a lot better job than Siri does with
stuff like store opening hours and navigation by voice.

> and some are developed by professional cyber criminals, enemy
> nation states for spying or by hackers for malicious reasons.

And there are fuck all of those on iOS systems.

And even if the US govt is spying on
my activitys, I couldn’t care less.

[Lee Waun]

"David Howard" <dsho...@microsoft.com> wrote in message news:m1sslr$hu6>

> The flashlight app pre-installed on the Apple iPhone appears to be safe.
>
> However in the iTunes store 3rd party flashlight apps access various
> hardware ports. The ports they access while they are running includes
> Webcam, Location Services, using your GPS and other coarse location based
> internet. In addition, they use your internet connection.
>

After reading all this I would ask why would anyone download a flashlight
app from Itunes when the installed one works great and is no risk.

I ask what more would one want a flashlight app to do than what the default
one already does?

[Jolly Roger]

On 2014-10-18, Lee Waun <lee...@telus.net> wrote:
>
> "David Howard" <dsho...@microsoft.com> wrote in message news:m1sslr$hu6>
>> The flashlight app pre-installed on the Apple iPhone appears to be safe.
>>
>> However in the iTunes store 3rd party flashlight apps access various
>> hardware ports. The ports they access while they are running includes
>> Webcam, Location Services, using your GPS and other coarse location based
>> internet. In addition, they use your internet connection.
>>
> After reading all this I would ask why would anyone download a flashlight
> app from Itunes when the installed one works great and is no risk.
>
> I ask what more would one want a flashlight app to do than what the default
> one already does?

Ads, clearly.

[Oscar Weazelstrangler]

"Lee Waun" <lee...@telus.net> wrote in message
news:m1uh12$4b7$1...@speranza.aioe.org...

>
>
> "David Howard" <dsho...@microsoft.com> wrote in message news:m1sslr$hu6>
>> The flashlight app pre-installed on the Apple iPhone appears to be safe.
>>
>> However in the iTunes store 3rd party flashlight apps access various
>> hardware ports. The ports they access while they are running includes
>> Webcam, Location Services, using your GPS and other coarse location based
>> internet. In addition, they use your internet connection.
>>
> After reading all this I would ask why would anyone download a flashlight
> app from Itunes when the installed one works great and is no risk.
>
> I ask what more would one want a flashlight app to do than what the
> default one already does?

One obvious possibility is to warn the user that its been
on for a while. I have managed to forget to turn the built
in one off and have just put the phone back in my pocket
with it on. It wouldn’t be hard to detect that using the
accelerometer etc and warn the user.

[David Howard]

On Sat, 18 Oct 2014 13:02:41 -0700, Lee Waun wrote:

> After reading all this I would ask why would anyone download a
> flashlight app from Itunes when the installed one works great and is no
> risk.

I don't disagree with you there!

Same with Android, except it doesn't come with a default flashlight app.

The key problem with the suggested flash light app on Android is that
it shuts off when the screen goes blank.

If they only fixed that, they'd have a winner.

[Your Name]

In article <m1v3rq$3dp$1...@news.albasani.net>, David Howard

Android needs to fix *A LOT* more than that before it's anywhere near a
"winner". ;-)

[David Howard]

On Sun, 19 Oct 2014 14:27:23 +1300, Your Name wrote:

> Android needs to fix *A LOT* more than that before it's anywhere near a
> "winner". ;-)

;-)

I have all the platforms, and, it seems that Android does more, but
also risks more. Likewise, it's hard to do *some* things on iOS but it
protects the user more.

Android is like Texas.
Apple's iOS is like California.

[BobbyK]

That requires explanation.

[Your Name]

In article <m1v4up$3dp$2...@news.albasani.net>, David Howard

Android is like Afghanistan.
iOS is like a gated residential community with 24-hour security guards.

;-)

[Kerry Blethan]

On Sat, 18 Oct 2014 20:53:17 -0500, BobbyK wrote:

>>Android is like Texas.
>>Apple's iOS is like California.
>
> That requires explanation.

I think what he means is that the "wild west" values freedom and the open
range, while the "nanny state" controls everything you do for your own
good.

[Andy Burns]

Tom Wilson wrote:

> David Howard wrote:
>
>> They say the top-10 flashlight apps are *all* malware!
>
> These are the top ten that they say are malware:
> 1. Super-Bright LED Flashlight
> 2. Brightest Flashlight Free
> 3. Tiny Flashlight + LED
> 4. Flashlight
> 5. Flashlight
> 6. Brightest LED Flashlight
> 7. Color Flashlight
> 8. High Powered Flashlight
> 9. Flashlight HD LED
> 10. Flashlight: LED Torch Light

farproc's Nexus Torch only requires "camera" and "don't sleep" permissions.

But Lollipop is going to have a built-in torch quick toggle, so that'll
be the beginning of the end for torch apps ...

[Frank Slootweg]

David Howard <dsho...@microsoft.com> wrote:
> On Sat, 18 Oct 2014 13:02:41 -0700, Lee Waun wrote:
>
> > After reading all this I would ask why would anyone download a
> > flashlight app from Itunes when the installed one works great and is no
> > risk.
>
> I don't disagree with you there!
>
> Same with Android, except it doesn't come with a default flashlight app.

Android (at least 4.1.1) *does* come with a default flashlight app!

That app is called .... <drum_roll> "Flashlight" (version 1.0).

It *does* have a lot of seemingly unneeded permissions, but that is -
as the app's 'App info' says - because for performance and memory usage
reasons, it runs in the same process as many other apps and functions:

"FM Radio, Android System, MMI test Key II, Key Chain, Profiles,
Settings Storage, Toolbox, ProjectMenuAct, androidhwext, Contacts
Extension, Google Back Transport and Settings"

[Jolly Roger]

Swiss cheese security, brought to you by Android. Nice.

[Anssi Saari]

David Howard <dsho...@microsoft.com> writes:

> They say the top-10 flashlight apps are *all* malware!

> http://www.snoopwall.com/threat-reports-10-01-2014/

Interesting. I don't know how my flashlight apps fare but they don't
seem to have suspicious permissions. One is called Torch and the other
is called Dashlight.

Permissions are:

Dashlight: Take pictures and videos, google play billing service,
control flashlight.
Torch: Take pictures and videos, draw over other apps, control
flashlight.

I believe the take pictures and videos permission is needed for
compatibility with older Android versions which didn't have a separate
permission for flashlight. I'd feel better if I could have a version
without that though but I understand the dev has to spam extra options
for compatibility.

Dashlight needs billing as it has in-app purchases. No idea why Torch
needs "draw over other apps" but I guess that's the way the app works.

Decided to keep Dashlight since it has more options. Dropped the apple
groups.

[Frank Slootweg]

Jolly Roger <jolly...@pobox.com> wrote:
> On 2014-10-20, Frank Slootweg <th...@ddress.is.invalid> wrote:
> > David Howard <dsho...@microsoft.com> wrote:
> >> On Sat, 18 Oct 2014 13:02:41 -0700, Lee Waun wrote:
> >>
> >> > After reading all this I would ask why would anyone download a
> >> > flashlight app from Itunes when the installed one works great and is no
> >> > risk.
> >>
> >> I don't disagree with you there!
> >>
> >> Same with Android, except it doesn't come with a default flashlight app.
> >
> > Android (at least 4.1.1) *does* come with a default flashlight app!
> >
> > That app is called .... <drum_roll> "Flashlight" (version 1.0).
> >
> > It *does* have a lot of seemingly unneeded permissions, but that is -
> > as the app's 'App info' says - because for performance and memory usage
> > reasons, it runs in the same process as many other apps and functions:
> >
> > "FM Radio, Android System, MMI test Key II, Key Chain, Profiles,
> > Settings Storage, Toolbox, ProjectMenuAct, androidhwext, Contacts
> > Extension, Google Back Transport and Settings"
>
> Swiss cheese security, brought to you by Android. Nice.

As far as I know, these are all part of the base Android system, i.e.
not (an) installable app(s). So this does not make these apps/functions
any less secure.

[Jolly Roger]

*WHOOSH*

[Trevor]

Someone clearly has no understanding of how Android works. And they're
trying to sell me a security product for it??

David Howard wrote:
> They say the top-10 flashlight apps are *all* malware!
> http://www.snoopwall.com/threat-reports-10-01-2014/
>

[D.F. Manno]

In article <m1uh12$4b7$1...@speranza.aioe.org>,

"Lee Waun" <lee...@telus.net> wrote:

> After reading all this I would ask why would anyone download a flashlight
> app from Itunes when the installed one works great and is no risk.

Because the iPod touch doesn't have one installed?

--
D.F. Manno | dfm...@mail.com
GOP delenda est!

[D.F. Manno]

In article <m201od$j50$2...@news.mixmin.net>,

You mean, like tell women they can't have abortions?

[DevilsPGD]

In the last episode of
<dfmanno-818AF2...@news.albasani.net>, "D.F. Manno"

<dfm...@mail.com> said:

>In article <m1uh12$4b7$1...@speranza.aioe.org>,
> "Lee Waun" <lee...@telus.net> wrote:
>
>> After reading all this I would ask why would anyone download a flashlight
>> app from Itunes when the installed one works great and is no risk.
>
>Because the iPod touch doesn't have one installed?

Does it have a light, but no support in the OS to turn that light on?

--
The following was seen at a car dealership,
announcing new seat belt legislation:

"Belt your family. It's the law."