Android Flashlight app deceptively collected and sold location data

Brightest Flashlight Free is an Android app developed by GoldenShores Technologies, LLC that turned an Android smartphone into a flashlight.

It was first released on Google Play (then known as Android Market) on February 15, 2011. By the first week of March of the same year, it had recorded more than 100,000 downloads globally. It has since been downloaded tens of millions of times. Users really like free apps, especially if it serves a very useful purpose.

But as the saying goes, if a product is free, you – the user – are the real product. And that was true with Brightest Flashlight Free. The app (or the company, if it makes any difference) was collecting and selling the precise location and device id of its users to advertising networks. The problem: Users were not aware that the selling part was going on. In fact, they were told that their geolocation data will not be shared with advertising networks.

That’s a deceptive practice. So the Federal Trade Commission (FTC) got involved.
Android Brightest Flashlight app

According to the FTC report on the case, GoldenShores Technologies, through the app’s privacy policy:

…Told consumers that any information collected by the Brightest Flashlight app would be used by the company, and listed some categories of information that it might collect. The policy, however, did not mention that the information would also be sent to third parties, such as advertising networks.

Consumers also were presented with a false choice when they downloaded the app, according to the complaint. Upon first opening the app, they were shown the company’s End User License Agreement, which included information on data collection. At the bottom of the license agreement, consumers could click to “Accept” or “Refuse” the terms of the agreement. Even before a consumer had a chance to accept those terms, though, the application was already collecting and sending information to third parties – including location and the unique device identifier.

That is the type of stunt that LG was pulling with their smart TV. See Smart TV, Spy TV. Is that LG Smart TV spying on you?.

So what’s GoldenShores Technologies punishment for such a fraudulent and deceptive practice? I wouldn’t call it a punishment, more like a slap on the wrist. Aside from a fine that could be no more than $16,000 USD, the company is also prohibited:

…From misrepresenting how consumers’ information is collected and shared and how much control consumers have over the way their information is used. The settlement also requires the defendants to provide a just-in-time disclosure that fully informs consumers when, how, and why their geolocation information is being collected, used and shared, and requires defendants to obtain consumers’ affirmative express consent before doing so.

The defendants also will be required to delete any personal information collected from consumers through the Brightest Flashlight app.

That’s not enough. Companies ought to pay a very severe financial penalty for fraudulent practices.

Related Posts

Hardware Encryption Developed for New Computer Memory Technology Security concerns are one of the key obstacles to the adoption of new non-volatile main memory (NVMM) technology in next-generation computers, which w...
Distributed data analysis with plain UNIX commands and Docker Swarm Editor: For setting up the Docker Swarm cluster used in this article, the author uses Docker Machine. Keep that in mind because the pre-stable version...
You may now buy the SlateBook x2 for “just” $479 HP's SlateBook x2, an hybrid computer which combines the features and functions of an ultrabook and a tablet and which was first announced in May, is ...
How to configure Ubuntu 14.04 server to forward root mails to your email address This short tutorial shows how to configure a Ubuntu 14.04 Cloud server to forward system-generated mails sent to the root account to your email addres...
Towards a mandatory, always-on and ubiquitous encryption in XMPP networks Now that we know that our online communications are not necessarily private and secure, there is a growing need to have end-to-end encryption built in...
How to deploy a Dockerized Java app with a MariaDB backend in 60 seconds Java developers and DevOps professionals have long struggled to automate the deployment of enterprise Java applications. The complex nature of the...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at ContainerizeThis.com

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


One Comment

  1. “Companies ought to pay a very severe financial penalty for fraudulent practices.”

    But then the powers that be would have to be accountable to the same principles!

    NNnoooo, not going to happen!

Leave a Comment

Your email address will not be published. Required fields are marked *

*