What a Flashlight App Brings to Light About Mobile Security
The Federal Trade Commission’s action targeting the developer of a widely used Android flashlight app underlines the danger mobile users face even from everyday downloads.
The Federal Trade Commission’s action targeting the developer of a widely used Android flashlight app underlines the danger mobile users face even from everyday downloads.
For decades, IT has faced a challenging situation on desktops—when users download any app they want, it makes it easier to run into security issues or computer slowdowns. They may even inadvertently introduce a virus.
The traditional approach to dealing with this? IT departments have made it harder for employees to install third-party software on work computers.
Mobile has traditionally been harder to clamp down in this way, but the recent saga of an Android-based flashlight app shows that something similar could be playing out on mobile devices, too.
What happened? Brightest Flashlight Free, an Android app that turns a smartphone into a flashlight, is immensely popular, with north of 50 million downloads from the Google Play app store since February 2011. However, those who relied on the app got something unexpected on the side: Its default setting would share location data about users with advertisers. The issue was exacerbated by the company, which deceived users about how the data would be used—and then continued to share the information, even if users opted to disable location tracking. The Federal Trade Commission (FTC) got involved and last week settled with app maker Goldenshores Technologies. Under the settlement terms, the company must delete the personal data it has collected, rewrite its privacy policy to inform users that it discloses such information, and get user permission before accessing the data going forward.
Why it matters: The flashlight app is far from the only one available in the Google Play store that collects information from users. According to The Guardian, an analysis by security researchers (conducted before news of the FTC settlement) found that 23,000 of the store’s 630,000 apps acquire user email addresses on poor terms. The researchers, from the company BitDefender, also found that Brightest Flashlight Free displayed fake malware warnings. With security becoming an issue on mobile, apps such as BitDefender and Lookout Mobile Security have built a foothold with Android users. (Apple’s iOS, with its stricter app approval process, faces fewer security dangers.) A recent HP study also emphasized that even everyday apps have security issues, with 86 percent lacking basic security defenses and 75 percent failing to properly encrypt data.
Bottom line: Mobile security challenges aren’t going away. And if yours is a BYOD shop, you should inform employees of the privacy and security risks they face even when they download something that seems innocuous.
(iStock/Thinkstock)
Comments