Forgot your password?
typodupeerror
Privacy Android Government Software

FTC Drops the Hammer On Maker of Location-Sharing Flashlight App 187

Posted by Soulskill
from the permissions-permissions-permissions dept.
chicksdaddy writes "The Federal Trade Commission announced on Thursday that it settled with the maker of 'Brightest Flashlight Free,' a popular Android mobile application, over charges that the company used deceptive advertising to collect location and device information from Android owners. The FTC says the company failed to disclose wanton harvesting and sharing of customers' locations and mobile device identities with third parties. Brightest Flashlight Free, which allows Android owners to use their phone as a flashlight, is a top download from Google Play, the main Android marketplace. Statistics from the site indicate that it has been downloaded more than one million times with an overall rating of 4.8 out of 5 stars. The application, which is available for free, displays mobile advertisements on the devices it is installed on. However, the device also harvested a wide range of data from Android phones which was shared with advertisers, including what the FTC describes as 'precise geolocation along with persistent device identifiers.' As part of the settlement with the FTC, Goldenshores is ordered to change its advertisements and in-app disclosures to make explicit any collection of geolocation information, how it is or may be used, the reason for collecting location information and which third parties that data is shared with."
This discussion has been archived. No new comments can be posted.

FTC Drops the Hammer On Maker of Location-Sharing Flashlight App

Comments Filter:
  • Security model (Score:3, Interesting)

    by Anonymous Coward on Friday December 06, 2013 @11:26AM (#45618753)

    If someone still says that Android's (or IOS I suppose) security model isn't completely broken...

    Why can't the user choose to disable networking on a per-app level?

  • by Greyfox (87712) on Friday December 06, 2013 @11:46AM (#45618959) Homepage Journal
    Their flashlight app was requesting network and GPS privs? There's obviously a fundamental problem with the Android security model, and I'm just going to go ahead and point my finger at people. First off, people assume that just because it's on the Play store, it's safe to install. Obviously not the case. Second, people obviously don't review the privs their apps request and say something like "Why the fuck does a flashlight app need access to my GPS and network?" And third, lazy developers have no incentive not to request every priv in the model.

    I'd heard Cyanogenmod was experimenting with a means to deny specific privs to an application rather than take the all-or-nothing approach of "You have to give me all this shit or you can't install it." That's a feature I'd really like to have for my Android phone.

  • by efalk (935211) on Friday December 06, 2013 @12:55PM (#45619645)

    I have a couple of calculator apps on the Android market. Obviously, a calculator has zero need for any of your personal data, and that's how much I collect -- zero.

    I recently received an email from "Appayable.com". They provide me with a spyware module to add to my apps. The spyware module collects users' personal data and uploads it to Appayable.com. I get paid. Profit!

    They say they only sell anonymized data, but I still thought it was a pretty reprehensible business model. I suspect it's pretty common practice, though.

    The letter:

    I noticed that RpnCalc Financial -- HP 12C has seen a growing number of downloads in recent weeks. I wanted to reach out and discuss how my company, Appayable, offers developers the opportunity to monetize their app without placing ads or impacting user experience

    We pull the social profile of your users, anonymize the data, and identify the mobile device. Appayable's SDK does not take up screen real estate on your application, maintaining the great user experience, and providing more revenue for you. Plus, we do not rely on impressions - as we do not place ads within your app - thus, you generate revenue based on a single download and install. No need to retain the user - only have them open the application once.
    The revenue stream created is ongoing based on our data partnerships, regardless of continued use of the mobile application.

    We've worked hard to make it really simple for you to integrate our service into your app, and as a result have over 6,500 applications on our platform in only 6-months! Whe you have a few minutes, I'd love to talk to you or the appropriate person about working with us.

  • by Anonymous Coward on Friday December 06, 2013 @02:59PM (#45620803)

    Have to wonder how many other apps are doing this that have not been caught yet

    That's the big problem, the FTC is currently playing a losing game of whack-a-mole. The ultimate solution is to inform the developer community that there will be a three month grace period for them to come clean. After that start throwing offenders in prison until the problem goes away. Currently there are no enforced consequences, all the FTC was able to do is get Goldenshores Technologies, LLC, to agree to obey current laws on deceptive business practices and fraud. The scumbag owner is currently laughing all the way to the bank instead of sitting in a holding cell somewhere awaiting sentencing.

    Why isn't the FTC dismantling Goldenshores Technologies (and the personal assets of all the owners) for whatever they can get? I thought the whole idea of civil forfeiture was to deny criminal scumbags from profiting from their crimes.

Today's scientific question is: What in the world is electricity? And where does it go after it leaves the toaster? -- Dave Barry, "What is Electricity?"

Working...