You have to admit, it was a bright idea. The maker of the Brightest Flashlight app for Android smartphones that was downloaded by tens of millions of people gave it away for free. But the location data the app collected and transmitted back to Goldenshores Technologies, Llc. -- to be shared with advertisers and "other interested parties," according to the Federal Trade Commission -- was far more valuable than an app fee.
The FTC on Thursday announced it had reached a tentative settlement in an inquiry into the developer's alleged deceptive privacy practices with a series of concessions, but no fines.
Left In The Dark
"When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection in a statement.
“But this flashlight app left them in the dark about how their information was going to be used.”
The agreement, subject to public comment for 30 days, prohibits Goldenshores from "misrepresenting how consumers’ information is collected and shared and how much control consumers have over the way their information is used," the statement said. It also requires the defendants to "provide a just-in-time disclosure that fully informs consumers when, how, and why their geolocation information is being collected, used and shared, and requires defendants to obtain consumers’ affirmative express consent before doing so."
They'll also have to delete personally identifying data collected so far through its Brightest Flashlight app.
The agreement will be posted in the Federal Register through Jan. 6, after which the Commission will decide whether to finalize the proposed consent order.
Goldenshores did not respond to our email seeking comment in time for publication, and its web site does not include phone contact information.
However, the settlement wasn't good enough for John Oliver, an affected app user, who left an expletive-filled message on Goldenshore's Facebook page, saying that "[people] like you give tech a bad name." Many other users of the app may feel much the same.
Charles King, principal analyst at the firm Pund-IT, said the data skimming flashlight app is unusual. "I haven’t heard of any app/developer being quite that stupidly bold," King said. "But apps containing or masking malware have been around for a while on Google Play, the Apple App Store and Amazon’s app store.
He added that given the explosive growth of the app market -- Google Play now has more than 700,000 offerings, it's all but inevitable that a "rogue app" or two will slip through the process.
"Plus, it’s difficult if not impossible for vendors to police apps that conceal the activities of apparently legitimate developers who are actually bad actors," King said. "But at this point, I believe the biggest threat continues to reside in 'unofficial' -- often pirated -- apps that are not subjected to any sort of control or oversight."