The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

The Most Popular Flashlight App Kept Consumers in the Dark about Tracking Them.

Have you ever downloaded a flashlight app?

Well, if you have and use it on an Android, you might want to check out which one it is. If it’s “Brightest Flashlight Free,” there’s some big news for you, along with more than 50,000,000 other users!

On December 5, 2013, the Federal Trade Commission (“FTC”) issued a settlement package with the app’s developer – Goldenshores Technologies, LLC – claiming that the company violated Section 5 of the FTC Act with its deceptive practices. The FTC alleges that, not only did the company omit material information about sharing sensitive user data with advertising networks and other third parties, but it also failed to ensure that the privacy disclosures it did make were accurate and sufficiently prominent. So, just think, if you have Brightest Flashlight Free, your precise location data has been shared with third parties without your consent, and they could be using that data to track your whereabouts.

How did Goldenshores Technologies do it? Well, according to the FTC charges, the company deceptively failed to disclose to consumers that the app transmitted users’ precise geolocation and unique device identifier – information the FTC considers sensitive – to third parties. Furthermore, the privacy policy, found only in the End User License Agreement and not in the app’s promotional page on the Google Play store, listed some information that the company might collect, but failed to mention the inclusion of sensitive information. The privacy policy also stated that only Goldenshores would use the information listed, not third parties.

But wait! There’s more! Even if you downloaded Brightest Flashlight Free but never used it, the FTC alleges that you could still have been tracked. According to the proposed settlement, if users downloaded the app, viewed the End User License Agreement but then chose to reject it, the user’s precise geolocation information and Device ID was already being transmitted. So even if you never used the downloaded app, your sensitive data was already on its way. How many of us remember whether we downloaded an app that we never used?

So what’s the big deal? Well, with location data and device IDs, an advertising company can pull together your information across several apps, enabling a marketer to follow you throughout your day. And if you downloaded Brightest Flashlight Free, you weren’t given a choice about it.

The FTC’s proposed settlement package has a number of elements. Even though Brightest Flashlight Free has been accused of improperly collecting and sharing sensitive information, because the app was free, the settlement does not include a fine against the company. It does, however, require Goldenshores to clean up its act and stop misrepresenting how consumer information is collected and shared, and how much control consumers have over the way that their information is used. Goldenshores must also provide a just-in-time disclosure that fully informs consumers when, how, and why their geolocation information is being collected, used, and shared, as well as obtains their affirmative express consent before doing so. And, fortunately, the company must delete all of the sensitive information Brightest Flashlight Free nefariously collected. So that’s the good news. But what about the sensitive data already sent to third parties? No mention of that being deleted, unfortunately.

The commission is accepting comments on the proposed consent agreement package through January 6, 2014. Maybe someone will ask them what will happen to all the sensitive data those third parties already have.

Author: eblumenfeld

Elizabeth Blumenfeld is a counsel in Crowell & Moring's Washington, D.C. office and a member of the Advertising and Product Risk Management Practice Group and Privacy & Cybersecurity Group. Her practice is focused on privacy and data compliance counseling.

Comments are closed.