Like most people, I have a flashlight app on my smartphone. It was a free download. It's handy to always have a flashlight in my pocket. I use it often while setting up on stage.
 
Yesterday I noticed that it was storing 8.2 MB of data (beyond the 6.7 MB the app itself takes up). I found that surprising. What on earth would a flashlight be storing? For that matter, why is a program that simply turns on a light 6.7 MB in size?
 
Then I checked the app's settings. Shockingly, I had given this flashlight the following permissions:
 
- read phone status and identity
- take pictures and videos
- read, modify and delete my USB storage
- change system display settings
- full network access: receive data from internet, view network connections, view wi-fi connections
- retrieve running apps
- control flashlight and prevent phone from sleeping
- modify system settings
 
Holy crap! This flashlight can take photos without my knowledge, monitor all network activity, know what other apps I have, and even reconfigure my phone.
 
I then checked other apps on my phone. I have a compass app that I actually paid for. It has permission to take photos and has full network access. Why does it need any of that to tell me which way is North?
 
Another one is called "Earth", a map utility. It has permission to find, use, add and delete accounts on the device.
 
AT&T installed an app that (I think) lets me use my phone as a TV remote. It can take pictures and videos, send, receive and edit text messages, record audio, read and modify my Contacts, read and modify my calendar, read and write web bookmarks.
 
It's true: there's no such thing as a free lunch. Those "free" apps may be nothing more than a trojan horse.
 

Google Maps comes with Android phones. No need for anything redundant.

Mine also has a flashlight that came with it. All it does is turn on and off the camera flash.

OMG that's frightening! Thanks for the heads up Dave.

bitflipper
It's true: there's no such thing as a free lunch. Those "free" apps may be nothing more than a trojan horse.
 

So download and install the FREE version of Cakewalk by Bandlab today!!!   <GGG>

I actually did visit BandLab's privacy statement after this. It's pretty simple, but does leave some loopholes if they ever wanted to be nasty about it. Including the standard "we can change this policy any time we like". But compared to the lengthy privacy policy from my bank, it's quite straightforward. And not nearly as nasty as Amazon's policy, which says they can and will sell everything they know about you.

I guess a more perplexing question for me is why do they want the info?  On the surface ot seems they are data mining to use for sales leads. The reason why I get green coffee beans advertisements following me around all over the web.
If they want to turn on my camera, they will see me in my underwear or maybe something else they really don't want to see. If they turn on my audio they won't hear anything interesting. I'm probably too far gone. I have Alexa in three rooms of my house. She does my lighting and controls my heat/AC with voice control. Tells me the weather.
 
The thing I find curious is sometimes my Android will ask me for location data when I'm downloading an app that is totally unrelated to location. Probably more data mining.

When I got my first Android-based phone a few months ago, I went to Google Play to look for useful apps, especially free ones. It took me a while to notice the "Permissions" link way down at the bottom of the app description pages. It was a shock to see what we're agreeing to when we install some of these apps.

I made a comment about those apps a couple weeks ago. Google has incredibly lax app store requirements, so seeing the OP scenario is more the norm than the exception. Apple is more stringent on developers.

Several years ago I drove past a bus and got the message popup "so and so would like to share your address book." New phone with new features... That wasn't a good one.

Always verify permissions of apps and understand your OS platform. Cells phones are the easiest vehicle for nefarious activity for various reasons. The fact that most people cannot be physically separated from their phone make the risk that much more... I had a friend whose phone got hot when she left her home because her gf was stalking her via FB (GPS tracking made her phone hot). It got enabled by that person sending the request when she was in the bathroom and accepted without her knowledge.

Be safe, not sorry.

What privileges does band lab want on phones. Perhaps Meng can educate us on what they really do.

For more Orwellian fun, you can now dowload your Facebook history.
(Click Download a copy of your Facebook data at the bottom of General Account Settings on your FB page.)
 
You will get a zip archive sent to you in about 30 minutes that will contain everything FB knows about you and everything you have done, said, uploaded on FB.
 
You might be shocked at the list of advertisers who have your contact info!  I know I did not give them my info...