Popular flashlight app has been secretly sharing location data with advertisers

December 6, 2013


    How ‘free’ are free apps? As the old adage goes, “There’s no such thing as a free lunch.” The (hopefully obvious) truth is that most developers don’t create free apps out of the kindness of their hearts; they do it to make money. For some developers, that means in-app purchases. Others make you endure various types of ads.

    In the case of Brightest Flashlight, it turns out that the developer makes its money not just through ads, but also by selling specific location data and device ID information to third-party advertisers. The situation first came to light (pun intended) after the FTC received a complaint about privacy concerns with the app. This led the FTC to investigate the matter further.

    The big takeaway here is that you should always read app permissions before installing.

    What’s even more interesting is that this app was highly rated, at 4.8, and has been downloaded between 50 and 100 million times. To be honest, there are probably some folks who might not care about their information being sold to advertisers as long as the app itself is good. For those who value their privacy, however, this is a pretty big invasion of it.

    Now you could say that folks that are concerned about privacy should carefully examine app permissions before installing, and we’d certainly agree. The fact that the flashlight app required all sorts of special permissions should have been a pretty big red flag.

    The real problem, though, is that the app’s maker went out of its way to deceive folks by stating that these special permissions would only be used for internal purposes, even though it ended up selling the information without permission. Furthermore, the FTC says the app had an “opt out” option, but the truth is that opting out didn’t stop the information from being shared.

    When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it. But this flashlight app left them in the dark about how their information was going to be used.
    Jessica Rich
    Director of the FTC’s Bureau of Consumer Protection

    The good news is that the FTC has since reached a settlement with GoldenShores Technologies (the app developer) to provide more control over location sharing and is forcing them to be more transparent about what they do with the data they collect. The app developer is also required to delete all previously collected data as part of their settlement with the FTC.

    The big takeaway here is that you should always read app permissions and if anything seems even slightly suspicious, you might want to look elsewhere.

    Comments

    • jayray78

      Isn’t this exact case the point of App Ops?

      • NeedName

        yep. . . however, it’s not that intuitive to use without the pro manager app.

        Furthermore, a case for custom ROMs that have better security and privacy settings, like CM, that allow the user to send blank data and easily block permissions, etc. . .

    • Jason Yuen

      If a service is too good to be free, chances are that you are the product. Ahem… facebook.

      • Hihi

        That applies to Google

      • MasterMuffin

        Like “hihi” said: Google

      • APai

        or anyone else offering services for free. they now have an incentive to monetize you in any way they deem fit!

    • Alexander Terry

      Sooo… App ops?

    • Hihi

      That’s what Google is doing openly so why do you freak out?

      • Shark Bait

        Maybe because they do it secretly. Personally, I’m fine with google selling my data and providing me with free things in return!

      • RanRu

        A homeless person asking you for money is a bit different from one stealing money out of your pocket.

        • Hihi

          The right analogy would be:
          “A rich man taking your money which you find out about from gossips is a bit different from one taking your money without telling you”

      • APai

        not only google – microsoft, apple, facebook, yahoo, etc etc.. and also not to forget the main aggregator of them all NSA.

    • Bradley Uffner

      If you download a flashlight app that requires internet access, you might have a problem.

      • Michael

        Internet access is understandable (ads) however gps permission is a red flag for a flashlight app.

        • folium

          Maybe they want to prevent people from turning on flashlight at places where it’s forbidden, such as… *scratching head* … football stadium ?
          LOL.

      • On a Clear Day

        If you want a flashlight that doesn’t try to steal your data or reveal all to those with untoward nasty thoughts and hidden agendas harbored in the craven, greedy hearts, go to Google Play and get flash-the-brain’s flashlight – and while you are at it he/she has a great timer called Rooster. No unnecessary, big brother permissions needed for either. See link below:

        It is time all of us woke up and realized that the biggest arena the best con-men/women, flimflam artists and snake oil salesman the world has in it now are naturally going to gravitate – like sharks to blood – toward is the arena of spyware/”you gotta have this one” apps. Another one that should be investigated is Viber – the lovely “you can phone anywhere in the world for free” app – do a search for Viber security threat? and see what comes up those of you out there using it blithely thinking you have a great deal – anyone for sharing all your contacts with a company that won’t tell you what they are doing with your info?

        https://play.google.com/store/apps/details?id=com.android.flashLight


    • Roman Vasilev

      Fucking assholes, damn it. Though I don’t give a shit)

    • Tony T.

      Uninstalled. Thanks. Don’t really need it anymore anyway since my ROM has built in torch.

      • Gator352

        Why? They have already sold your data.

        • Tony T.

          Because I don’t want them to in the future…

          • Gator352

            They already have it. Period. They will continue to sell it. Just because you uninstalled doesn’t mean it magically disappears from their greedy, grubby hands. I hear ya though, I’m going to watch permissions much more carefully.

            • D.B

              “As a part of the settlement, they were required to delete (ALL) collected data.” Thought you forgot that small detail. You don’t mess with the FTC. He got off easy. Surprised they didn’t charge him with a fine.

            • Gator352

              I did :)

    • smokebomb

      Just removed it and got a different one.

    • arjman22

      I use that app all the time! ( I lose things in the dark) Uninstalling…

      • APai

        install another flashlight that does not require a shitload of permissions for just a flashlight!

        • arjman22

          I’m using Cyanogen rom and it has a native Flashlight app called Torch, I’ll be using that from now on.

    • Anthonydotcom

      I don’t understand why people don’t read permissions. A flashlight app should have zero access to contacts, phone calls, device ID, and the internet. I use Tesla LED. Zero BS/Great functionality. In this case I think they got what they deserve.

    • Raymond Marx

      That is why I refuse to download ANY app that uses ads to work, I’m sorry, that’s NOT free, it’s shitware and I refuse to have it on my devices! What ever happened to trialware, that allowed one to use an app unrestricted for a few days/weeks then forced one to purchase it? Those are the apps I purchase or keep if they are truly Free, as in FREE, not adware/spyware/virusware better known as shitware!

    • King Dong

      Install, firewall, end of problem

      • D.B

        Root firewall ;)

        • King Dong

          Absolutely :-)

    • Leonardo Rojas

      I’ve seen that app some months ago, just a glance to the permission it needs would give anyone a clear idea of how dishonest it is. People don’t check permissions when installing

    • Luka Mlinar

      Google is to blame for this. They are letting any app do whatever it wants willy nilly.

    • Android Developer

      What kind of information did they sell?
      And what can be done with this information? Who’d even buy this kind of information?

      • APai

        why wouldn’t the advertisers want to buy this data ? they have name/ age/ gender, fine location, probably a shitload of other data too! can target ads according to mood swings even :P

        • Android Developer

          The advertisers cannot choose exactly what to show to a specific person on the ads of Android, at least not on Admob (and I think no ad network allows this).
          They can only do it in a much broader scale.

          Maybe you mean advertisers that will use it on websites?

    • APai

      name them shame them – the developers, the scumbag owners.

    • Navid Lancaster

      Doesn’t a torch app come pre-installed with Android ROMs anyway so you don’t have to install this kind of app. Check your pre-installed widgets.

    • Galih

      that is very dangerous, as android user we must protect our information and our e mail

      i hope the developer will be banned from admob

      i would to write it to my blog aplikasi senter android

    • dian

      i agree with u sir, i want to put your image in my blog. HP Android a390
      Thanks for your attention
