Flashlight app vendor settles with FTC over privacy violations

Goldenshores lied to users about its flashlight app's data sharing habits, FTC says

The maker of a popular flashlight app for Android phones agreed to settle charges brought by the Federal Trade Commission that it left consumers in the dark about its data-sharing practices.

The settlement, announced Friday, requires Goldenshores Technologies LLC to provide a just-in-time privacy disclosure informing users about what, how, when and why their geolocation information is being collected by the company's "Brightest Flashlight Free" app.

The settlement prohibits Goldenshores from misrepresenting how consumer information is collected and shared. It also requires the company to specify precisely how much control users will have over the manner in which their personal data is used, the FTC said in a statement.

Under the agreement, Goldenshores is required to delete all consumer information it collected through the flashlight app. However, the FTC did not assess any fines against the company for its privacy violations.

The FTC said Goldenshores transmitted users' location data and device ID numbers to advertising networks and other third parties without the consent or knowledge of the users.

It also accused the app maker of deceiving consumers into thinking they had the option of not sharing their data when in fact they had no control over the data. Regardless of whether users accept or reject the terms of the company's license agreement, the flashlight app would transmit location data and device ID information as soon as the consumer launched the application, the FTC said in its complaint.

"When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it," said Jessica Rich, director of the FTC's Bureau of Consumer Protection, in the statement. "But this flashlight app left them in the dark about how their information was going to be used."

Goldenshores could not be reached immediately for comment.

The FTC's actions are another indication of the growing scrutiny being given to the data collection and data sharing practices of mobile app vendors.

Numerous reports of egregious privacy violations by leading mobile application vendors prompted lawmakers to introduce a bill earlier this year that would require vendors to disclose what data they collect and how the data is shared, used and stored. The bill, known as the Application Privacy, Protection and Security Act, would give the FTC the power to enforce privacy rules on mobile app vendors.

Meanwhile, states such as California have plowed ahead with enforcing privacy rules on mobile app vendors. Last year, California Attorney General Kamala Harris struck an agreement with several leading companies, including Facebook and Google, to make their privacy policies more transparent to users of their mobile apps.

The mobile industry itself has tried to stave off regulations via a multi-stakeholder initiative led by the National Telecommunications and Information Administration (NTIA). Under that effort, industry stakeholders, rights groups and Internet marketers are developing a privacy code of conduct for the mobile industry.

This article, Flashlight app vendor settles with FTC over privacy violations, was originally published at Computerworld.com.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.
