You just had a flat tire along a dark country road. Luckily, you downloaded a flashlight app into your cellphone and now can put it to use.

But that flashlight, handy as it is, may be just one of many doors you unwittingly opened to let spies take up residence inside your phone.

โ€œMost free flashlight apps are creepware,โ€ says Gary S. Miliefsky, CEO of SnoopWall (www.snoopwall.com), a company that specializes in cybersecurity.

Creepware is malware that spies on you and your online behavior, and could pass along information to others.

For example, Goldenshores Technologies, the company behind the popular โ€œBrightest Flashlight Freeโ€ app for Android phones, agreed in 2013 to settle the Federal Trade Commissionโ€™s charges that the software secretly supplied cellphone locations to advertising networks and other third parties.

The problem doesnโ€™t begin and end with flashlight apps, though. Many seemingly innocuous apps that people carry around with them on their mobile devices have the capability to eavesdrop on their activities.

โ€œConsumers trust first and verify never,โ€ Miliefsky says. โ€œAs a result, most of their smartphones are infected with malware that they trust in the form of some kind of useful app or game.โ€

Miliefsky offers these tips for ousting those spies inside the phone:

  • First, assume youโ€™ve already been compromised. Itโ€™s nice to think all is probably well, but most likely itโ€™s not. Somewhere in the phone the spies are at work and itโ€™s time to take the privacy behaviors and privacy policies of these apps more seriously.
  • Verify the behavior and privacy risks for apps before installing them. Do some research and ask the question: โ€œWhy does this app need GPS, microphone, webcam, contacts, etc.?โ€ Most apps donโ€™t need these ports unless they want to invade your privacy, Miliefsky says. Find an alternative before installing risky apps.
  • Do a smartphone version of spring cleaning. Delete all the apps you donโ€™t use that often. Replace the apps that take advantage of too many of your privacy settings, such as GPS, phone and text-message logs, with similar apps that donโ€™t.
  • Turn off WiFi, Bluetooth, Near Field Communication and GPS except when you need them. That way, Miliefsky says, if you are at a local coffee shop or in a shopping mall, no one can spy using nearby (proximity) hacking attack. They also canโ€™t track where you were and where you are going on GPS.
  • Check to see if your email has put a tracer on you and your phone. โ€œIf you use a Google email account and have an Android phone, youโ€™d be surprised that even with your GPS off, itโ€™s tracking your every move,โ€ Miliefsky says. You need to go into the phoneโ€™s settings to turn off that tracking feature, he says. In your Android phone, go to โ€œsettings,โ€ then โ€œlocation.โ€ Select โ€œGoogle location reportingโ€ and set โ€œlocation historyโ€ to off.