You want the lights turned on? We’ll just need access to your credit card numbers, and your PINs and passwords, and all other personal and corporate data, and your current physical location, and …
That sounds crazy, right? If all the light switches in the building worked that way, we would see a big run on the candle supply.
But this is what’s going on.
When you go to the Permissions list on the app’s page, you see that it needs to have access to the camera. Sure, that’s how it turns on the LED used as the flash. But keep reading. If you install this app, you also give it:
All of this for a flashlight function?
And despite all this, they have supposedly somehow managed to get between 10 and 50 million people to download and install this?
I am very suspicious of the numbers. Look at the surprisingly numerous 5-star reviews and see the strange misspellings and broken English. “Ive been had this app since i own a start phone” and so on. In the overview, notice the unusually constant high rate of downloads. I suspect that something, perhaps the app itself, automates further downloads to inflate apparent trustworthiness. Just consider the name of the app: it seems to be designed purely to match common search strings. Auto manufacturers never name a design the “Best Mileage Cheap”.
As we discuss in Learning Tree’s Cloud Security Essentials course, BYOD, or Bring Your Own Device, is happening. Deal with it, don’t deny it. But be aware of what can ride in on those devices.
I think that some people in management see BYOD as a magical money pot. “This is great! We can spend less buying and maintaining workstations because we can obligate our employees to buy and pay the monthly contract for their mobile devices!” But unless you put some effort (and therefore money, oh no!) into helping them secure those devices, who knows what may happen to your corporate data.
There are some good mobile device security software packages, including several free ones from vendors like AVG, McAfee, Sophos, Symantec, and many more. To protect your data, you will have to help your users protect themselves.