At a recent IT security meeting I attended, one of the presenters made a very strong warning for users of Android smartphones. This specifically relates to the camera light and using it as a flashlight.
If your device does not have a built in widget for using the camera light as a flashlight, take note. According to this source, most of the top rated Android flashlight apps contain embedded malware that will capture what your camera captures, potentially even capture what you are typing on the device or saying near the device and send it to servers under the control of the malware maker.
I have not been able to personally verify this risk, or which apps this may apply to, but I was able to find corroborating information that makes this risk appear to be legitimate.
So, if you are using a flashlight app on and Android device, you should remove it. Only use a native widget, like that found on the iPhone, to use your camera light as a flashlight. If it wasn’t put there by the manufacturer, as part of the operating system, don’t trust it.