A torch app for Android smartphones that turned on and off the flash has been secretly sharing user’s locations and device IDs with advertisers, the company as admitted.
The ‘Brightest Flashlight Free’ app has been downloaded from Google Play more than 50 million times, and the FTC said the developers "deceptively failed to disclose" that it was passing on user data to networks of advertisers.
The privacy policy on the download form said that "any" information collected by the app would be used by the company; however, it didn’t say that it would also send it to third parties.
"When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,’ said Jessica Rich, director of the FTC’s consumer protection bureau.
"But this flashlight left them in the dark about how their information was going to be used."
The FTC also said that the app gave users a false choice: "At the bottom of the license agreement, consumers could click to ‘Accept’ or ‘Refuse’ the terms of the agreement. Even before a consumer had a chance to accept those terms, though, the application was already collecting and sending information to third parties – including location and the unique device identifier."
Thanks to the settlement, the app will now have to tell users where and when their data is about to get shared, and get their permission to do so.
The case is the first where the FTC has zeroed in on unwanted sharing of geolocation data as part of its requirement to protect US consumer privacy.
Erik Geidl who runs GoldenShores Technologies, the company behind the app, has been ordered to delete any personal information that the app has collected. He is also required to tell the FTC if he changes his employment over the next ten years.
