The rumor going around is that many popular flashlight apps are actually malware, stealing your personal data and sending it to foreign cyber criminals. After hearing about this I decided I'd look further into it and see what's really going on.
As it turns out, in 2014, a "cyber security company" released a report on the "potential threat", which stated that flashlight apps for Android devices could pose security risks based on the types of permissions the app requests in order to use the app.
The report made no definitive statements and did not offer any evidence that such activity was taking
I have confirmed that there are definitely a number of flashlight apps will ask for access to permissions and data on your phone that seemingly has nothing to do with the ordinary functioning of the app. Such permissions could theoretically enable a criminal to get sensitive personal information from your phone, however just having a flashlight app on your mobile device does not necessarily mean someone is stealing your personal data. There also isn't actually anything specific about a flashlight app that would make it more susceptible to being exploited than other apps and realistically, any app could technically be exploited this way.
Apps often request permissions they might not seem to actually need , but it does not mean the app is being used for nefarious purposes. For example, the Google Maps app asks for permission to make phone calls - which you might think is an odd thing needed by a map application - however after a little research you will discover that that permission is needed to take advantage of the feature to easily call a business you've found within the maps.
While it is important to watch what permissions an app asks for when you install it (and research why), the truth behind the flashlight app panic is that this is really only a media driven exaggeration. It's a classic case of people with little to no understanding of how technology actually works, who were having a slow news day and needed something to sensationalize. Sure the potential is there, but I can tell you as a PC technician that is a cyber criminal who wants your personal information, has much simpler ways to get it!