FTC says app developers must shine more light on how they use data


flashlight app, privacy

When your own flashlight is spying on you, something is wrong. That, at any rate, is the Federal Trade Commission’s thinking in a case that illustrates how, in today’s electronic world, privacy concerns can lurk in the most unlikely contexts.

The case involved a simple flashlight app used on Android cell phones. The app, called “Brightest Flashlight Free,” has been downloaded by Android users tens of millions of times. It works by activating all the device’s lights, including the screen and LED camera flash, to provide illumination.

But behind the scenes, there was more to the app than light. There was data -- data about the place where it was used (“geolocation”), tied to data about the device (“persistent device identifiers”). And after being collected, that data was transmitted to third parties including advertising networks.

To the app provider, it may have seemed like a fair bargain. The user gets a free app, permitting a mere tap on the screen to turn a cell phone into a flashlight. In return, the developer gets data about users, which can be sold to advertising networks, which then can make better ad placements, with knowledge of where the phone is being used.

But our law generally expects that when private information is collected, users should be given notice of the collection, and a choice about whether to allow it. And that’s where the FTC found an absence of illuminating disclosure in this flashlight app.

The developer’s privacy policy simply stated that the developer collected information for software updates, product support, and the like. And the end-user license agreement, which users had to affirmatively “Accept” or “Refuse,” repeated that disclosure. Neither, however, said anything about collecting geolocation information or sending it, tied to the device identifier, to advertising networks. In the FTC’s view, that omission was a blatant deception.

And the FTC liked it even less that geolocation information was collected and transmitted even before the user clicked “Accept” on the license agreement terms. Indeed, even when users clicked on “Reject,” information including “the device’s precise geolocation and persistent identifier” was already being collected. Apparently the developer and its advertising partners were never in the dark about their users and potential users.

The developer, Goldenshores Technologies, LLC, agreed in a consent order to rewrite its privacy policy and license agreement, fully disclose its data collection and use practices, and obtain express consent from customers before that information is transmitted to anyone else.

After this settlement, your Brightest Flashlight may not be spying on you any longer. But the FTC used the settlement to caution that mobile device users need to consider, for every app they download and use, “how they’re paid for, what information they may gather from your device, [and] who gets that information.”


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thompson Coburn LLP | Attorney Advertising

Written by:


Thompson Coburn LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.