Flashlight app vendor settles with FTC over privacy violations

The maker of a popular flashlight app for Android phones agreed to settle charges brought by the Federal Trade Commission that it left consumers in the dark about its data-sharing practices.

The settlement, announced Friday, requires Goldenshores Technologies LLC to provide a just-in-time privacy disclosure informing users about what, how, when and why their geolocation information is being collected by the company's "Brightest Flashlight Free" app.

The settlement prohibits Goldenshores from misrepresenting how consumer information is collected and shared. It also requires the company to specify precisely how much control users will have over the manner in which their personal data is used, the FTC said in a statement.

Under the agreement, Goldenshores is required to delete all consumer information it collected through the flashlight app. However, the FTC did not assess any fines against the company for its privacy violations.

The FTC said Goldenshores transmitted users' location data and device ID numbers to advertising networks and other third parties without the consent or knowledge of the users.

It also accused the app maker of deceiving consumers into thinking they had the option of not sharing their data when in fact they had no control over the data. Regardless of whether users accept or reject the terms of the company's license agreement, the flashlight app would transmit location data and device ID information as soon as the consumer launched the application, the FTC said in its complaint .

"When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it," said Jessica Rich, drector of the FTC's Bureau of Consumer Protection in the statement. "But this flashlight app left them in the dark about how their information was going to be used."

Goldenshores could not be reached immediately for comment.

The FTC's actions are another indication of the growing scrutiny being given to the data collection and data sharing practices of mobile app vendors.

Numerous reports of egregious privacy violations by leading mobile application vendors prompted lawmakers to introduce a bill earlier this year that would require vendors to disclose what data they collect and how the data is share, use and stored. The bill, known as the Application Privacy, Protection and Security Act, would give the FTC the power to enforce privacy rules on mobile app vendors.

Meanwhile, states such as California have plowed ahead with enforcing privacy rules on mobile app vendors. Last year, California Attorney General Kamala Harris struck an agreement with several leading companies, including Facebook and Google, to make their privacy policies more transparent to users of their mobile apps.

The mobile industry itself has tried to stave off regulations via a multi-stakeholder initiative led by the National Telecommunications and Information Administration (NTIA). Under that effort, industry stakeholders, rights groups and Internet marketers are developing a privacy code of conduct for the mobile industry.

This article, Flashlight app vendor settles with FTC over privacy violations, was originally published at Computerworld.com.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.

See more by Jaikumar Vijayan on Computerworld.com.

Read more about application security in Computerworld's Application Security Topic Center.