ItsGeekToMe.co
The official home of It's Geek to Me on the web!
Issue #389: Jan 4–10, 2015
Q: What is your take on this flashlite app malware? tinyurl.com/klbvy7v It doesn’t affect me, as I don’t have a smart phone, but it may be something your readers should know about.
– Bob R.
Niceville, Florida
A: I absolutely agree with you, Bob! This is definitely something my readers need to know about, and I encourage everybody to visit the above link. It will take you to a 5 ½ minute video that will at the very least surprise you, and at the very worst, scare the bejeebers out of you. Now would be a great time to go and watch it. Go ahead – I’ll wait for you.
Wow, back already? That was fast. I would imagine one of the first things that comes to many people’s minds upon first hearing about this is “Is it real?”. I’m afraid that the answer is yes, it is absolutely real. For those of you who didn’t actually go and view the video, it is a news interview with a representative from Internet security website SnoopWall.com, who informs that every single one of the top-10 “flashlight” apps in the Google Play Store is actually malware that is stealing information from the devices upon which it is installed, and shipping the data back to such trustworthy countries as China, India, and Russia, who are doing heaven only knows what with it. One thing is sure – it’s nothing for your own good. Worse yet, if you suspect your apps and decide to play it safe, simply uninstalling them is not enough, as it has been determined that some of the apps are Trojan Horses which have installed additional malware in hidden areas of the device.
Apparently the only way to fully remove everything is to perform a factory reset on the device. This is a special action that wipes all data areas of the device, effectively returning it to the condition it was in when it first left the factory. Of course, this also wipes out all of your pictures, music, notes, calendars, and all other data you’ve created over time. To preserve this, you’ll need to manually save off whatever you don’t want to lose. You can’t simply back-up the phone and restore it, because you’ll very likely backup and restore the malware along with the rest of the operating system.
The video mentions one of the worst offenders as the ironically-named “Brightest Flashlight App” which was sued by the Federal Trade Commission after numerous consumer complaints. The app’s vendor made the case that lots of apps collect user data, and they were no different. The settlement “solved” the problem by requiring the app vendor to display a privacy policy stating that users’ personal data was being collected. So the vendor then created a massive User Agreement which, of course, nobody reads. Buried among the 25 or so pages of terms and conditions, each user is now explicitly agreeing to share all of their personal data, essentially allowing the app vendor free access everything on your device. Yeah, that’s a lot better!
What can we learn from this? Well, the first thing is that all of that cybersecurity stuff that I’ve been pushing on you is absolutely legitimate, and can have a very dire effect on you whether you believe it or not. There is no such thing as a free lunch, so the more apparent value you’re getting out of “free” stuff, the more suspicious you should be. I would venture to say this problem is not unique to flashlight apps, so rather than installing ever single cool-looking app that you come across, install only those that you actually need and use, to minimize your device’s exposure.
2 Responses to “Issue #389: Jan 4–10, 2015”
Leave a Reply
You must be logged in to post a comment.
I have an IPhone. I sent your article to several of my smart phone friends and received a response with a back up article that said this article does not pertain to IPhones, just phones that use Google flashlight apps. Perhaps you should follow up in your column to explain this so others don’t unnecessarily panic.
I’ve received feedback from a couple of people on this topic, and I am currently doing some independent research to get my facts straight(er) before posting anything else. Thanks for your concern, and stay tuned for an update!
-Geek