Android Flashlight app deceptively collected and sold location data

Brightest Flashlight Free is an Android app developed by GoldenShores Technologies, LLC that turned an Android smartphone into a flashlight.

It was first released on Google Play (then known as Android Market) on February 15, 2011. By the first week of March of the same year, it had recorded more than 100,000 downloads globally. It has since been downloaded tens of millions of times. Users really like free apps, especially if it serves a very useful purpose.

But as the saying goes, if a product is free, you – the user – are the real product. And that was true with Brightest Flashlight Free. The app (or the company, if it makes any difference) was collecting and selling the precise location and device id of its users to advertising networks. The problem: Users were not aware that the selling part was going on. In fact, they were told that their geolocation data will not be shared with advertising networks.

That’s a deceptive practice. So the Federal Trade Commission (FTC) got involved.
Android Brightest Flashlight app

According to the FTC report on the case, GoldenShores Technologies, through the app’s privacy policy:

…Told consumers that any information collected by the Brightest Flashlight app would be used by the company, and listed some categories of information that it might collect. The policy, however, did not mention that the information would also be sent to third parties, such as advertising networks.

Consumers also were presented with a false choice when they downloaded the app, according to the complaint. Upon first opening the app, they were shown the company’s End User License Agreement, which included information on data collection. At the bottom of the license agreement, consumers could click to “Accept” or “Refuse” the terms of the agreement. Even before a consumer had a chance to accept those terms, though, the application was already collecting and sending information to third parties – including location and the unique device identifier.

That is the type of stunt that LG was pulling with their smart TV. See Smart TV, Spy TV. Is that LG Smart TV spying on you?.

So what’s GoldenShores Technologies punishment for such a fraudulent and deceptive practice? I wouldn’t call it a punishment, more like a slap on the wrist. Aside from a fine that could be no more than $16,000 USD, the company is also prohibited:

…From misrepresenting how consumers’ information is collected and shared and how much control consumers have over the way their information is used. The settlement also requires the defendants to provide a just-in-time disclosure that fully informs consumers when, how, and why their geolocation information is being collected, used and shared, and requires defendants to obtain consumers’ affirmative express consent before doing so.

The defendants also will be required to delete any personal information collected from consumers through the Brightest Flashlight app.

That’s not enough. Companies ought to pay a very severe financial penalty for fraudulent practices.

Related Posts

IFC6410: Snapdragon S4 Pro-based single board computer IFC6410 is a single-board, SoC computer powered by Qualcomm's Snapdragon S4 Pro processor, the same processor that powers Google's Nexus tablet comput...
With 15 days left, Kano has raised more than $1 million on Kickstarter You know your project will be a hit when you ask an investor for USD $100,000, but instead, you get a check for USD $1 million. That's what's happe...
Students line up for new free software master at open universities Two of Europe's open universities, the Universitat Oberta de Catalunya in Spain and Open Universiteit in the Netherlands, are about to start the firs...
Slovenian public administrations moving to open source desktops Public administrations in Slovenia are to increase their use of free and open source software on their desktop computers. Around 2015, 80 percent of t...
Open source professorship at University of Erlangen-Nuremberg Germany's first open source professorship was established at the Friedrich-Alexander-Universität Erlangen-Nürnberg. First professor of Open Source ...
How to install S3QL from source on Fedora 19 S3QL is an online file system for UNIX-like operating systems that provide features like compression, encryption, data de-duplication, immutable trees...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


One Comment

  1. “Companies ought to pay a very severe financial penalty for fraudulent practices.”

    But then the powers that be would have to be accountable to the same principles!

    NNnoooo, not going to happen!

Leave a Comment

Your email address will not be published. Required fields are marked *

*