Flashlight app “deceived” millions by selling user data
Tens of millions of users have been ’deceived’ by the app ‘Brightest Flashlight’ into turning over to advertisers quantities of private data. The Federal Trade Commission (FTC) charged the app maker with turning on sharing data as a default setting allowing the “free” app to effectively sell data - in particular, geolocational data - onto advertisers.
The popular “Brightest Flashlight Free” app has been downloaded tens of millions of times by users of the Android operating system. In its complaint, the FTC alleges that Goldenshores Technologies, the company behind the |Flashlight app, told consumers that any information collected by the Brightest Flashlight app would be used by the company, and listed some categories of information that it might collect. The policy, however, did not mention that the information would also be sent to third parties, such as advertising networks.
Jessica Rich, the director of the FTC’s Bureau of Consumer Protection, even took the chance for some wordplay, saying that Brightest Flashlight left consumers “in the dark about how their information was going to be used".
While the app does allow users the ability to disable the reporting of location data to third-parties, sharing is on by default, rendering the option “meaningless,” according to the FTC. The settlement with the FTC prohibits the defendants from misrepresenting how consumers’ information is collected and shared and how much control consumers have over the way their information is used. The settlement also requires the defendants to provide a just-in-time disclosure that fully informs consumers when, how, and why their geo-location information is being collected, used and shared, and requires defendants to obtain consumers’ affirmative express consent before doing so.
The decision appears to signify a new direction for the FTC. Mobile privacy is “an area that we have been really interested in, and we’ve been monitoring what’s going on in this space,” said Kerry O’Brien, an assistant regional director for the FTC in San Francisco. A recent study by Carnegie Mellon University found out that 100 Android Apps, 56 collected device data, contact lists, or location data, often unbeknownst to end users. Others named in the research as surprising to users as to how data was being collected by Rovio’s Angry Birds.
A Washington DC based privacy lawyer Bradley Shear claimed they, “believe [this is] much more widespread than the public thinks and that’s why the FTC has come down on these issues". “The big message from the FTC is that the industry needs to clean up its act and mobile app developers need to think about putting privacy and design into the creation of the apps.”