An android flashlight app, Brightest Flashlight, was secretly releasing information about your location and device to third-party information to advertisers, without your knowledge, and avoided a fine from the Federal Trade Commission, according to a settlement that was agreed upon last week.
In December 2013, an the FTC announced that Brightest Flashlight, developed by GoldenShores Technologies (which is a one-man operation by developer Erik Geidl), gave out geolocation data from app users to third party advertisers.
In the settlement decision, the FTC ruled that for giving out tens of millions of users locations to third-party advertisers, the company will have to:
1. Stop collecting app users’ geologcation without explaining how and why they’re doing so, and where the information is going
2. Keep records for the FTC to further inspect
3. Tell the FTC about any new business for the next ten years
4. Delete all the data collected within ten days
Brightest Flashlight, has been downloaded by 50-100 million android users, and has an average user review of 4.8 out of 5 stars in the android app store.
Besides profiting by selling location data to advertisers, the FTC said that Goldenshore’s practice was particularly alarming because app consumers didn’t know that their information was being given out, and more alarming, were falsely led to believe that they could opt out of any such data collection.
“At the bottom of the license agreement, consumers could click to “Accept” or “Refuse” the terms of the agreement. Even before a consumer had a chance to accept those terms, though, the application was already collecting and sending information to third parties – including location and the unique device identifier.”
The FTC, according to its complaint, did not seek financial restitution because the app was free. But as Gigaom points out, that allows the developer to keep any funds exchanged for the data Brightest Flashlight collected.