Why Do Android Flashlight Apps Need Dozens of Permissions?


This site may earn affiliate commissions from the links on this page. Terms of use.

No one should be downloading a flashlight app in the Year of Our Lord 2019 — that’s why both Google and Apple have integrated the ability into their devices as part of the base operating system. Avast security researcher Luis Corrons decided to evaluate the security of flashlight apps after the wave of concern around the Russian-owned Faceapp software. According to his work, there are still 937 flashlight applications on Google Play, despite the fact that Flashlight capabilities are baked into the Android OS. Many of these applications request far more permissions from end users than they ever need to function.

Instead of being limited to the functions you’d expect a flashlight to need (access the LED flash itself, download ads from the internet, and lock-screen access so the flashlight can be turned on or off without unlocking the device), many of these apps request far more. The average number of permissions requested by app is 25. 408 applications request 10 permissions or fewer, but 262 of them require 50 permissions or more. The table below shows the worst offenders:

Now, just because an application is requesting a lot of permissions doesn’t necessarily mean it is requesting them for nefarious purposes. But when Corrons dug deeper, the issues kept getting worse. A massive number of applications request permission to kill background processes, access your fine-grained location data, control Bluetooth connections, record audio, download data without notification, and write to your contacts list. A few even process incoming calls.

As Corrons discusses, the reason these apps have such ludicrous permissions isn’t because they’re actually trying to hook you up with Nigerian princes with large fortunes to dispose of. It’s undoubtedly so they can gather data and then sell it to other firms as part of their efforts to endlessly monetize all of human existence. He steps through how some of these apps are developed by studios with multiple multi-million downloads on the app store. All of the apps require the same invasive permissions, and they’re almost certainly funneling data to the same invisible group of partners.

Google, of course, could stop this kind of garbage in its tracks by forcing app developers to only request permissions that they can plausibly prove they need, and by tightening the approval process to make this kind of rampant data-collecting against its own terms of service. Google doesn’t, because that would alert people to how much of their own daily device usage is uploaded to third-party corporations in the first place. The companies that take advantages of loose user permission requirements aren’t exploiting a loophole; they’re using the system in the manner in which it’s intended to operate. Corrons notes that it’s extremely important for users to be aware of what kind of permissions their applications request. This is true, but it also puts the impetus of fixing the problem solely on the end-user.

Google has allowed its app store to be abused by people who are running massive data harvesting regimes — and it’s on Google to fix that problem, not end-users. Nobody should be downloading a flashlight app on a modern device. But Google shouldn’t be allowing applications to request permissions that they have no business requesting, either.

Now Read:




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Google releases Android 10 – gpgmail


Android 10 is now available, assuming you have a phone that already supports Google’s latest version of its mobile operating system. For now, that’s mostly Google’s own Pixel phones, though chances are that most of the phones that were supported during the beta phase will get updated to the release version pretty soon, too.

Since the development of Android pretty much happens in the open these days, the release itself doesn’t feature any surprises. Just like with the last few releases, chances are you’ll have to look twice after the update to see whether your phone actually runs the latest versions. There are plenty of tweaks in Android 10, but some of the most interesting new features are a bit hidden and (at least in the betas) off by default.

The one feature everybody has been waiting for is a dark mode and here, Android 10 doesn’t disappoint. The new dark theme is now ready for your night-time viewing, with the promise of improved battery life for your OLED phone and support from a number of apps like Photos and Calendar. Over time, more apps will automatically switch to a dark theme as well, but right now, the number seems rather limited and a bit random, with Fit offering a dark mode while Gmail doesn’t.

The other major tweak is the updated gesture navigation. This remains optional — you can still use the same old three-button navigation Android has long offered. It’s essentially a tweak of the navigation system the launched with Android Pie. For the most part, the new navigation gestures work just fine and feel more efficient than those in Pie, especially when you try to switch between apps. Swiping left and right from the screen replaces the back button, which isn’t immediately obvious, and a slightly longer press on the side of the screen occasionally opens a navigation drawer. I say ‘occasionally,’ because I think this is the most frustrating part of the experience. Sometimes it works, sometimes it doesn’t. The trick to opening the drawer, it seems, is to swipe at an angle that’s well above 45 degrees.

Also new is an updated Smart Reply feature that now suggests actions from your notifications. If a notification includes a link, for example, Smart Reply will suggest opening it in Chrome. Same for addresses, where the notification can take you right to Google Maps, or YouTube videos that you can play in — you guessed it — Youtube. This should work across all popular messaging apps.

There are also a couple of privacy and security features here, including the ability to only share location data with apps while you use them and a new Privacy section in Settings that gives you access to controls for managing your web and app history, as well as your ad settings in a slightly more prominent place.

The new Google Play system updates, the company can now also push important security and privacy fixes right to the phone from the Google Play store, which allows it to patch issues without having to go through the system update process. Given the slow Android OS upgrade cycles, that’s an important new feature, though it, too, is an evolution of Google’s overall strategy to decouple these updates and core features from the OS updates.

Two other interesting new features are still in beta or won’t be available until later this year, but Google prominently highlights Focus mode, which allows you to silence specific apps for a while and which is now in beta, and Live Caption, which will launch in the fall on Pixel phones and which can automatically caption videos and audio across all apps. I’ve been beta testing Focus Mode for a bit and I’m not sure it has really made a difference in my digital wellbeing, but the ability to mute notifications from YouTube during the workday, for example, has probably made me a tiny bit more productive.

Oh, and there’s also native support for foldable phones, but for the time being, there are no foldable phones on the market.

Like with most recent releases, those are just some of the highlights. There are plenty of small tweaks, too, and chances are you’ll notice a few new fonts and visual tweaks here and there. For the most part, though, you can continue to use Android like you always have. Even major changes like the updated gesture controls are optional. It’s very much an evolutionary update, but that’s pretty much the case for any mobile OS these days.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Downloads need to rank No. 1 on App Store is down 30% since 2016 for apps, up 47% for games – gpgmail


With the App Store’s big makeover in fall 2017, Apple attempted to shift consumers’ attention away from the Top Charts and more towards editorial content. But app developers still want to make it to the No. 1 position. According to new research from app store intelligence firm Sensor Tower, it’s become easier for non-game apps over the past few years to achieve the top ranking.

Specifically, the firm found that the median number of daily downloads required for non-game applications on the U.S. iPhone App Store to reach No. 1 decreased around 34% from 136,000 to 90,000 in 2018, then increased a little more than 4% to 94,000 this year.

At the same time, the number of non-game installs on the U.S. App Store had increased by 33% between Q1 2016 and Q1 2019.

These findings, Sensor Tower suggests, indicate that the U.S. market for the top social and messaging apps has become saturated, with downloads for top apps like Facebook and Messenger decreasing over time. In addition, no other apps have found the same level of success that Snapchat and Bitmoji did back in 2016 and 2017, the report adds.

For example, Messenger saw 5 million U.S. App Store installs in November 2016 while Bitmoji and Snapchat passed 5 million installs in August 2016 and March 2017, respectively. And no other non-game app has topped 3.5 million installs in a single month since March 2017.

Meanwhile, the decline in downloads needed to reach the No. 1 spot on Google Play was even more significant.

The median daily downloads for the top non-game app decreased by 65% from 209,000 in 2016 to 74,000 so far in 2019.

Similarly, the store saw a decrease in installs among top apps, including Messenger, Facebook, Snapchat, Pandora and Instagram. Messenger, for example, saw its yearly installs fall by 68% from nearly 80 million in 2016 to 26 million in 2018.

Games

With mobile games, however, it’s a different story across both app stores.

On the Apple App Store, it has taken 174,000 downloads for a game to reach the top of the rankings on any given day in 2019 — 85% more the 94,000 installs required for non-game app to reach the top of the charts.

This figure also represents an increase of 47% compared to the 118,000 median daily downloads required to top the charts back in 2016, Sensor Tower said.

median downloads no 1 google play

In part, this trend is due to the rise of hyper-casual gaming. So far in 2019, 28 games have reached the No. 1 position on the U.S. App Store, with hyper-casual games making up all but 4 of those. And of those four, only Harry Potter: Wizards Unite spent more than one day at the top of the charts. Meanwhile, hyper-casual games like aquapark.io and Colorbump 3D have spent 25 and 30 days at No. 1, respectively.

On Google Play, the median daily installs to reach the No. 1 position increased from 70,000 in 2017 to 116,000 so far in 2019, or 66% growth. Overall game downloads, however, decreased 16% from 646 million in Q1 2017 to 544 million in Q1 2019.

Similarly, 21 out of the 23 games that reached the top spot this year have been hyper-casual titles, like Words Story or Traffic Run.

Breaking the Top 10

While topping the charts has gotten easier for non-game apps over the years, breaking into the top 10 has gotten more difficult. Median U.S. daily installs for the No. 10 free non-game app increased 11% from 44,000 in 2016 to 49,000 in 2019.

median downloads top 10 ios

On Google Play, meidan daily installs for non-game apps fell nearly 50% from 55,000 median daily installs in 2016 to 31,000 in 2019.

For games, the No. 10 game’s spot on the App Store had 25,000 median daily installs in 2016 to 43,000 so far in 2019, and Google Play saw 26% growth from 27,000 to 34,000 during the same period.

median downloads top 10 google play

Categories making the Top 10

In terms of breaking into the top 10 by category, Photo & Video apps on the App Store present the most challenge. The category where YouTube, Instagram, TikTok and Snapchat reside saw a median daily amount of more than 16,000 downloads for the No. 10 app.

This was followed by Shopping (15,300 daily downloads for the No. 10 app), Social Networking (14,500), Entertainment (12,600), and Productivity (12,400).

On Google Play, Entertainment apps — like Hulu, Netflix and Bitmoji — need around 17,100 U.S. installs in a day to reach the top 10. This is followed by Shopping (10,800), Social (9,100), Music (8,200), and Finance (8000).

Beyond the U.S.

Outside the U.S., a non-game app needs approximately 91,000 downloads to reach the top 10 on the App Store in China — higher than the 49,000 installs needed in the U.S. For games, the U.S. is the most difficult to crack the top 10, with a median of 43,000 daily downloads for the No. 10 game.

median downloads top 10 by country ios

On Google Play, India required the most downloads to reach the top 10 with apps needing 256,000 downloads in a day and games needing 117,000 downloads.

median downloads top 10 by country google play

Of course, the App Store’s ranking algorithms — nor Google Play’s algorithms — rely on downloads alone to determine an app’s ranking. Apple takes into consideration downloads and velocity, among other undocumented factors. Google Play does something similar.

But these days, developers are more concerned with showing up highly ranked in app store searches than they are on top charts, where they’ll need to consider numerous other factors beyond downloads — like keywords, description, user engagement, and even app quality, among other things.

 

 


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Google denies reports of unannounced changes to Android app review process – gpgmail


Multiple reports this week claimed Google had quietly rolled out a more in-depth app review process to all developers — changes designed to keep the Play Store safer from spam, malware, and copycat apps. Those reports are inaccurate, Google tells gpgmail. Instead, the company is giving itself more time to review apps from new, unestablished developers on the Play Store, as previously announced, but this hasn’t been extended to all developers.

Concerns about these so-called “unannounced changes” stemmed from a blog post by Choice of Games, which wrote that “all new apps” would be getting an additional review, slowing down app approvals. It claimed new apps would require at least three days for review, and this now included existing developers.

The post cited a conversation with Google Support as the source for its claims.

This led to a ton of confusion, as the development shop behind the post was well-established, having been on the Play Store since 2010 as would have been exempt from Google’s policy of increased reviews for new developers.

As it turns out, it appears there was miscommunication between Google Play Store developer support and the developer, according to the chat transcript that was published. The support person, “Liz,” was alerting the developer to the new policy Google announced in April, which detailed increased review times for Play Store newcomers. She didn’t appear to understand that she was speaking with a developer who had published on Google Play for nearly a decade.

Android Police also picked up the news, writing that it Google had “quietly instigated a more involved review process that impacts every app and update.”

Reddit and Hacker News also weighed in. In addition to the reported changes, developers were concerned there was now no way to schedule new app releases through the Timed Publishing feature. (That’s also not true — developers can publish to a closed testing track, then used Timed Publishing to go live to the public.)

A Google Developer Relations team member stepped in to clear things up on Reddit, and we’ve confirmed with Google that his responses were accurate.

Google’s updated app review process, first announced in April, hasn’t changed.

At the time, Google said:

“We will soon be taking more time (days, not weeks) to review apps by developers that don’t yet have a track record with us. This will allow us to do more thorough checks before approving apps to go live in the store and will help us make even fewer inaccurate decisions on developer accounts.”

Google began notifying developers directly in the Play Console in June that new apps by developers without a track record will take a couple of days longer to review. Google says that, since this change, it’s already seen a meaningful increase in the number of harmful apps blocked by Play even before they are published.

It’s not clear why the developer relations support person miscommunicated this information to the developer in question, but it points to a training issue on Google’s part.

It’s also unclear why the established developer’s app was held up in app review, beyond it just being a mistake on Google’s part.

Unfortunately for Google, Play Store developers have come to expect a speedy review process so any delays feel like unnecessary friction.

Unlike Apple, which employs a large team to carefully review app submissions and make hard calls on controversial apps, Google has more heavily relied on automation over the years. The company disclosed in the past how it uses software to pre-analyze apps for viruses, malware, and other content and copyright violations.

That process doesn’t always work, though. Only days ago, dozens of Android apps disguised as harmless photo editors and games were discovered to actually be adware. This follows similar news from January, where 85 apps were found to contain adware. And in May, where adware was discovered in some 200 apps totaling 150+ million installs. And, news from last November, where malware was found across over a dozen apps with half a million installs. And so on.

While it would make sense for Google to increase its review of all apps, given its inability to address this problem, that was not the case here.

 


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

8 million Android users tricked into downloading 85 adware apps from Google Play – gpgmail


Dozens of Android adware apps disguised as photo editing apps and games have been caught serving ads that would take over users’ screens as part of a fraudulent money-making scheme.

Security firm Trend Micro said it found 85 individual apps downloaded more than eight million times from the Google Play — all of which have since been removed from the app store.

More often than not adware apps will run on a user’s device and will silently serve and click ads in the background and without the user’s knowledge to generate ad revenue. But these apps were particularly brazen and sneaky, one of the researchers said.

“It isn’t your run-of-the-mill adware family,” said Ecular Xu, a mobile threat response engineer at Trend Micro. “Apart from displaying advertisements that are difficult to close, it employs unique techniques to evade detection through user behavior and time-based triggers.”

The researchers discovered that the apps would keep a record when they were installed and sit dormant for around half-an-hour. After the delay, the app would hide its icon and create a shortcut on the user’s home screen, the security firm said. That, they say, helped to protect the app from being deleted if the user decided to drag and drop the shortcut to the ‘uninstall’ section of the screen.

“These ads are shown in full screen,” said Xu. “Users are forced to view the whole duration of the ad before being able to close it or go back to app itself.”

When the app unlocked, it displayed ads on the user’s home screen. The code also checks to make sure it doesn’t show the same ad too frequently, the researchers said.

Worse, the ads can be remotely configured by the fraudster, allowing ads to be displayed more frequently than the default five minute intervals.

Trend Micro provided a list of the apps — including Super Selfie Camera, Cos Camera, Pop Camera, and One Stroke Line Puzzle — all of which had a million downloads each.

Users about to install the apps had a dead giveaway: most of the apps had appalling reviews, many of which had as many one-star reviews as they did five-stars, with users complaining about the deluge of pop-up ads.

Google does not typically comment on app removals beyond acknowledging their removal from Google Play.

Read more:


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Facebook sues two app developers for click injection ad fraud – gpgmail


Facebook has filed lawsuits against two app developers accused of generating fraudulent revenue using the social media giant’s advertising platform.

The company announced the legal action in a blog post Tuesday.

“The developers made apps available on the Google Play store to infect their users’ phones with malware,” said Jessica Romero, director of platform enforcement and litigation. “The malware created fake user clicks on Facebook ads that appeared on the users’ phones, giving the impression that the users had clicked on the ads.”

The scheme uses a technique known as click injection, which relies on apps fraudulently generating ad clicks without the user’s knowledge to artificially inflate the amount of ad revenue. It’s a problem previously noted by security researchers. Often, developers create junk or easy-to-make apps which get downloaded millions of times, while in the background they’re clicking on invisible ads without the user’s knowledge.

Facebook said in this case two developers, LionMobi — based in Hong Kong, and JediMobi — based in Singapore — generated “unearned payouts” from the social media giant’s advertisement system.

By our count, the app developers have seen more than 207 million installs to date. The apps remain on Google’s app store. Google did not immediately comment.

The social media giant said it refunded impacted advertisers.

A Facebook spokesperson did not immediately respond to a request for comment.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something