Here’s an interesting story of a developer who learned a hard lesson about misusing consumer information. The story revolves around an Idaho-based company, Goldenshores Technologies, LLC, a developer named Erik Geidl, and the Brightest Flashlight Free app.
The facts are simple: Goldenshores develops the Brightest Flashlight app for Android users. The app is free, thus over 50 million people downloaded the app. The Brightest Flashlight app works by activating all lights on a mobile device, including the device’s LED camera flash and screen to create a flashlight.
In 2013, the FTC alleged that Goldenshores collected users’ information and distributed that information to third parties. Specifically, the FTC said “that the Brightest Flashlight App transmits or allows the transmission of device data, including precise geolocation along with persistent device identifiers, to third parties, including advertising networks.” Ultimately, the FTC charged Goldenshores and Geidl with two counts of deceptive practices. Recently, Goldenshores and Geidl settled the dispute with the FTC.
Some interesting analysis
Of course, the Brightest Flashlight app contained all of the appropriate permissions.
The permissions included acknowledgment that the app could, and would, access geolocation data, and I’ve discussed the problems with geolocation data. In general, Android permissions are an excellent way to protect users from malicious practices within the Android device.
But this case presents a new issue: to what extent are developers using your private information?
I don’t know that there’s any precautions to take, since in these cases the user is unlikely aware of the information-theft, and this kind of theft isn’t limited to Android devices. Also, I should mention that we’re not exactly sure of the extent Goldenshores used the information.
I’m fairly confident, because we don’t know all of the facts, that the Goldenshores complaint is more about the adequacy of the app disclosures, and not so much about the transmission of data, although it could be.
Goldenshores provides a good example of how not to handle consumer disclosures. The FTC offers some great advice for marketing a mobile app:
- Tell the truth about what the app can do.
- Disclose key information clearly and conspicuously.
- Incorporate privacy protections by limiting the information the app collects, securely storing what information is held, and safely disposing of unneeded information.
- Explain what information the app collects from users or their devices and what’s done with their data.
- Give your users tools that offer choices in how to use the app – like privacy settings, opt-outs, or other ways for users to control how their personal information is collected and shared.
- Honor privacy promises.
- Protect kids’ privacy.
- Collect sensitive information only with consent.
- Keep data secure.
Putting it all together
Goldenshores gives me one more opportunity to reflect on the importance of understanding everything an app can do. This includes thoroughly reviewing all of the developer’s agreements. Goldenshores is a good example of how “enterprising” developers might sell your data to companies like Starbucks or Target to sell you coupons to businesses you pass on your daily commute.
Hopefully, Goldenshores and other similar cases, make developers consider exactly what information their apps really need, and appropriate disclose the use.