Android Flashlight app deceptively collected and sold location data

Brightest Flashlight Free is an Android app developed by GoldenShores Technologies, LLC that turned an Android smartphone into a flashlight.

It was first released on Google Play (then known as Android Market) on February 15, 2011. By the first week of March of the same year, it had recorded more than 100,000 downloads globally. It has since been downloaded tens of millions of times. Users really like free apps, especially if it serves a very useful purpose.

But as the saying goes, if a product is free, you – the user – are the real product. And that was true with Brightest Flashlight Free. The app (or the company, if it makes any difference) was collecting and selling the precise location and device id of its users to advertising networks. The problem: Users were not aware that the selling part was going on. In fact, they were told that their geolocation data will not be shared with advertising networks.

That’s a deceptive practice. So the Federal Trade Commission (FTC) got involved.
Android Brightest Flashlight app

According to the FTC report on the case, GoldenShores Technologies, through the app’s privacy policy:

…Told consumers that any information collected by the Brightest Flashlight app would be used by the company, and listed some categories of information that it might collect. The policy, however, did not mention that the information would also be sent to third parties, such as advertising networks.

Consumers also were presented with a false choice when they downloaded the app, according to the complaint. Upon first opening the app, they were shown the company’s End User License Agreement, which included information on data collection. At the bottom of the license agreement, consumers could click to “Accept” or “Refuse” the terms of the agreement. Even before a consumer had a chance to accept those terms, though, the application was already collecting and sending information to third parties – including location and the unique device identifier.

That is the type of stunt that LG was pulling with their smart TV. See Smart TV, Spy TV. Is that LG Smart TV spying on you?.

So what’s GoldenShores Technologies punishment for such a fraudulent and deceptive practice? I wouldn’t call it a punishment, more like a slap on the wrist. Aside from a fine that could be no more than $16,000 USD, the company is also prohibited:

…From misrepresenting how consumers’ information is collected and shared and how much control consumers have over the way their information is used. The settlement also requires the defendants to provide a just-in-time disclosure that fully informs consumers when, how, and why their geolocation information is being collected, used and shared, and requires defendants to obtain consumers’ affirmative express consent before doing so.

The defendants also will be required to delete any personal information collected from consumers through the Brightest Flashlight app.

That’s not enough. Companies ought to pay a very severe financial penalty for fraudulent practices.

Related Posts

Weave introduces ‘Gossip’ DNS service discovery for containers WeaveDNS is a service discovery solution for containers on Weave (network), a a networking solution for Docker containers from Weaveworks. WeaveDNS...
How to create and maintain anonymous email accounts Don't let what happened to the director (actually, former director) of a very powerful government agency make you think that engaging in anonymous ema...
Windows 8.1 partitions on the Lenovo G50 AMD A8 laptop My old laptop finally packed up about a week ago, so I went shopping for a new one. With money tight, I naturally went for a bottom of the line uni...
CoreOS announces Distributed Trusted Computing for Tectonic Enterprise Today’s vulnerabilities - Heartbleed, Shellshock, Poodle - have a brand. When vulnerabilities have a brand and your favorite companies are making ...
Russian government to invest in open source desktop The Russian government is planning to invest 150 million rouble (about 3.5 million Euro) in developing an secure open source desktop for public admini...
The most affordable FreeBSD-supported Cloud/VPS hosting providers Looking for a Cloud/VPS hosting provider that supports FreeBSD? Your search is more than half way done. That's because I have gone through the off...

We Recommend These Vendors

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).


One Comment

  1. “Companies ought to pay a very severe financial penalty for fraudulent practices.”

    But then the powers that be would have to be accountable to the same principles!

    NNnoooo, not going to happen!

Leave a Comment

Your email address will not be published. Required fields are marked *

*