FTC Settles With Flashlight App Over Deceptive Data Use

On Thursday, December 5th, the Federal Trade Commission (“FTC”) announced a settlement with Goldenshore Technologies, producer of the “Brightest Flashlight Free” app (“Flashlight App”), one of the top free apps available for Google’s Android operating system. The Flashlight App works by activating lights on Android phones, including the LED flash, which turns users’ smartphones into a flashlight.

The settlement followed an FTC investigation into the Flashlight App that revealed it shared information from the app, including geolocation and device identifiers, with third parties such as advertising networks without informing users via Android’s “permissions” process or via the App’s privacy policy. The App’s End User License Agreement (“EULA”) repeated these misrepresentations. Finally, the FTC discovered that the Flashlight App transmitted the geolocation and device identifiers to third parties even before users could accept or refuse the terms of the EULA.

The FTC alleged that Goldenshore’s failure to disclose the full scope of its information practices was “deceptive” under the FTC Act.

The Flashlight App case provides a few lessons for app developers:

  • The failure to disclose information about how an app collects, uses, or shares data may be considered “deceptive” by the FTC; in other words, the FTC is concerned with omissions as well as affirmative misrepresentations.
  • Privacy policies, license agreements, and terms of use must disclose all the information collected and used, and how it is shared with third parties.
  • Consumers and regulators expect apps to collect and share only the information necessary to provide the apps’ functions, and the collection and sharing of “extra” information will raise eyebrows.
  • Opt-outs must provide users with real choices, and they must be honored by developers. Developers should also limit the collection of information via an app before users have the opportunity to exercise choice.
