Criminal gangs could be using free torch apps to obtain sensitive customer details, such as bank details, according to security experts.
The Flashlight Apps Threat Assessment Report commissioned by US-based security firm SnoopWall found that many of the most popular third-party torch apps require permissions that put users at risk of espionage and cybercrime.
"We've all become victims of installing many apps on our smartphones and tablets that do much more than the service they should provide," said Gary Miliefsky, founder of SnoopWall.
"We have opened a Pandora's Box to online predators, cyber criminals and spies – all through these apps we foolishly trust."
The US Federal Trade Commission (FTC) found last year that one free flashlight app was guilty of "deceptive practice" for passing on users' details to advertisers without permission.
SnoopWall's report studied the top 10 Android torch apps, but found that similar apps in Apple's App Store and the Windows Phone app store were also vulnerable to hackers.
"The flashlight app pre-installed on the Apple iPhone appears to be safe," the report states. "However in both the iTunes store and on the Windows Phone app store, third-party flashlight apps access various hardware ports.
"The ports they access while they are running includes webcam, location services, using your GPS and other coarse location based internet. In addition, they use your internet connection."
Privacy advocates have warned that consumers should consider the intentions of free third-party apps.
"It is completely unsurprising that the public find themselves exposed to fraud and data theft when the apps they download are so far removed from privacy by design," said Emma Carr, director of Big Brother Watch.
"Few of us would expect an app to be able to access our contacts lists, text messages or location data, yet so many of them do just that. There needs to be far more awareness about how to protect your device and the data on it."