eDiscovery Daily Blog

If You Have a Flashlight App on Your Phone, You Need to Read This – Mobile eDiscovery

Yesterday, we discussed a case where a company faced a recommended severe default judgment sanction, in part because of the company’s failure to preserve data on “bring your own device” (BYOD) personal smart phones used by employees for work purposes.  This is merely one challenge associated with BYOD policies in organizations.  Another is the greater potential for spyware to capture data through installed apps.  Here is one reported example.

If you have a smartphone or tablet, you probably like to install various apps for everything from tracking your fantasy football team to playing games to keeping up with friends on Facebook or Twitter.  You can even use your smartphone as a flashlight, I do.  Apparently, doing so may introduce spyware onto that smartphone, especially on Android phones and tablets, if you believe one company’s new report.

At the beginning of the month, SnoopWall issued a threat assessment report entitled Summarized Privacy and Risk Analysis of Top 10 Android Flashlight Apps, where they stated that they tested and installed the Top 10 Android Flashlight Apps on various smartphones and tablets and found that all of the applications that they tested appear to obtain access and information way beyond the needs of a Flashlight. According to SnoopWall, some appear specifically designed to collect and expose your personal information to cybercriminals or other nation states, taking permissions to do everything from modifying or deleting USB storage contents, modifying system settings, control vibration, disable your screen lock and capture GPS and network location.  At least one of them has been sued by the FTC for doing so.

If you believe the report and you’re using your smartphone for work purposes, that potentially puts company data at risk as well.  If you’re using one of those flashlight apps, SnoopWall’s strong recommendation is to uninstall it immediately.  They also note that you might need to reset your phone completely after the uninstall or even go to FACTORY RESET or a WIPE.

They also provide a list of what we think are best practices for increasing privacy and security on your device without spending any money, but they vary in practicality (#5 is to “either put masking tape over your webcam and microphone when not in use or pull the battery out of your smartphone when you are not using it” – not exactly practical).

As for the Apple iPhone and iPad or Microsoft WindowsPhone flashlight apps, SnoopWall states that the “flashlight app pre-installed on the Apple iPhone appears to be safe”, but notes that in both the iTunes store and on the Windows Phone app store, third party flashlight apps access various hardware ports including Webcam, Location Services and GPS.  So, there are stated risks on those platforms if you are using those apps.

Conveniently (hmmm), SnoopWall has developed their own free flashlight app, touted to install no ads, spyware or “bloatware”.  They also offer privacy apps that they state are designed to find apps that are spying on you, protect you when conducting financial transactions on your mobile device, etc.

Is it true?  Or is it just a very clever marketing campaign?  The myth debunking site Snopes states that these apps are pre-screened for malware, while acknowledging that one specific flashlight app was cited by the FTC for selling data to advertisers (that case was settled last December).

So, what do you think?  Do you have a third party flashlight app on your smartphone or tablet?  If so, how seriously do you take the report from SnoopWall?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

print