FTC Settles With Flashlight App Developer Over Data Collection

Says users were in dark about fact it collected geolocation info and sent it to third parties

According to the Federal Trade Commission, the "Brightest Flashlight" app for Android devices was revealing more than objects in the dark.

The FTC said Dec. 5 it had settled with app company Goldenshores Technologies over charges it had deceived consumers about how their geolocation information would be shared with ad networks and other third parties.

According to the FTC, the app, which has been downloaded tens of millions of times, transmitted locations and device identifiers to ad networks but that the privacy policy did not disclose that.

It also said the company deceived consumers with a false choice. On first opening the app, users could accept or reject a license agreement about data sharing, but that "even before a consumer had a chance to accept those terms, though, the application was already collecting and sending information to third parties – including location and the unique device identifier.

The FCC cannot require such privacy policies, but if those policies do not provide accurate info, the FTC can pursue them under its false and deceptive ad authority.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection, in a statement. “But this flashlight app left them in the dark about how their information was going to be used.”

The company was not fined, but it is prohibited from misrepresenting its information collection or collecting info before users have a chance, via just-in-time notifications, to just say no. That means when an app is opened that collects geolocation information, it must plainly state it is doing that and allow for opting out. The company must also delete any personal info already collected.