Here’s a clip of cybersecurity expert Gary Miliefsky explaining how all of the top ten flashlight apps on the Google Play Store are malware over b-roll footage of iPhone users toggling the flashlight in Control Center. In fairness to the editor who put the package together, there probably isn’t a whole lot of file footage of people opening random free flashlight apps on an Android phone.
The actual information in the clip is somewhat amusing (if you’re an iPhone owner) or frightening (if you don’t pay attention to the Android apps you’re downloading). According to Miliefsky, a large number of flashlight apps on the Google Play Store are actually transmitting user data including address book entries and personal information to multiple endpoints in at least three different countries.
Half a billion devices have apparently downloaded the malicious software, which Miliefsky says can only be fully removed via a full factory reset. Whether these app developers are using the data for anything nefarious hasn’t been determined but it’s best to be on your guard when downloading apps, even from official sources like Google Play. Miliefsky’s suggestion is to find a flashlight app with a very small file size since larger apps likely contain a large amount of malicious code, but for advice from a security expert that doesn’t seem like a great way to be sure of an app’s intentions.