Tens of millions of Android users have installed the Brightest Flashlight Free app, not realising that the app engaged in dirty tricks to share information about users' location and devices with advertisers without consent.
The developers of the Android app, Goldenshores Technologies, have settled charges brought against it by the Federal Trade Commission (FTC), after it was discovered that the app failed to disclose how it was transmitting users' precise location and UDID (Unique Device Identifier) to third-party advertisers.
Furthermore, the Brightest Flashlight Free app was sneakily sending the information to advertisers before users had the chance to reject the program's small print:
Consumers also were presented with a false choice when they downloaded the app, according to the complaint. Upon first opening the app, they were shown the company’s End User License Agreement, which included information on data collection. At the bottom of the license agreement, consumers could click to “Accept” or “Refuse” the terms of the agreement. Even before a consumer had a chance to accept those terms, though, the application was already collecting and sending information to third parties – including location and the unique device identifier.
A pretty underhand thing to do, if you ask me. And the FTC agrees:
"When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it," said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. "But this flashlight app left them in the dark about how their information was going to be used."
"Left them in the dark". Did you see what she did there? Hur hur..
Even if you were happy with the adverts popped up by Brightest Flashlight Free, and didn't find them obtrusive or care about advertisers learning information about you, you might not have been that happy with what some of the adverts set out to do.
Back in October, I described how researchers had raised concerns about Brightest Flashlight Free's gathering of location information, and how it had served up fake anti-virus warnings designed to dupe users into believing their Android devices were infected with malware.
Erik M. Geidl, who runs Goldenshore Technologies, is required to delete any personal information collected from consumers through the Brightest Flashlight app.
The question remains, of course, how many *other* free Android apps are doing similarly sneaky tricks, exposing the privacy of their users?