The
developer of the Brightest Flashlight app deceived consumers by transmitting their geolocation data and unique device identifiers to ad networks, the Federal Trade Commission said on Thursday.
The FTC charged GoldenShores Technologies, which puts out the flashlight app, with misleading consumers by failing to disclose in its privacy policy that the app transmits information. While
the app's privacy policy said it collected some information, the policy didn't explicitly state that the app would gather -- and share -- precise location data or device identifiers, according to the
FTC.
Instead, the policy told consumers that the app would collect “diagnostic, technical and related information,” which would be used in order “to improve our products
or to provide services or technologies.”
The FTC also alleged that the company designed its system to gather geolocation data and other information from consumers before showing them
the license agreement. Even though that agreement appeared to allow users to refuse to share data, the information had been collected by the time people read the agreement, the FTC said.
“Consumers would not expect the application to operate on their mobile devices, including collecting and using their device data, until after they have accepted the terms,” the FTC
alleged. “In fact, while consumers are viewing the Brightest Flashlight EULA (end user license agreement), the application transmits or causes the transmission of their device data, including
the device’s precise geolocation and persistent identifier, even before they accept or refuse the terms.”
The popular app, which has been downloaded 50 million times since 2011,
transforms Android devices into flashlights by turning on all lights on the device, including the camera flash.
The app developer agreed to delete personal information collected from
consumers, in order to settle Federal Trade Commission charges. The company also agreed that it won't collect or share users' geolocation data without their explicit consent.
The
enforcement action comes around 10 months after the Federal Trade Commission recommended in a report that mobile app developers should disclose data collection practices before gathering information,
and obtain opt-in consent before collecting sensitive data information.
The complaint signals that the FTC continues to scrutinize the growing mobile space, says advertising lawyer Jeffrey
Greenbaum, a partner in Frankfurt Kurnit Klein & Selz. “There's no question the FTC is very concerned about mobile,” he says.
He adds that the enforcement action shows that
the FTC will hold companies to the promises they make to consumers. “It's a reminder that companies need to take a second -- and third and fourth -- look at their privacy policies,”
Greenbaum says. “The FTC treats privacy policies very seriously.”