Flashlight app vendor settles with FTC over privacy violations
Goldenshores lied to users about its flashlight app's data sharing habits, FTC says
Computerworld - The maker of a popular flashlight app for Android phones agreed to settle charges brought by the Federal Trade Commission that it left consumers in the dark about its data-sharing practices.
The settlement, announced Friday, requires Goldenshores Technologies LLC to provide a just-in-time privacy disclosure informing users about what, how, when and why their geolocation information is being collected by the company's "Brightest Flashlight Free" app.
The settlement prohibits Goldenshores from misrepresenting how consumer information is collected and shared. It also requires the company to specify precisely how much control users will have over the manner in which their personal data is used, the FTC said in a statement.
Under the agreement, Goldenshores is required to delete all consumer information it collected through the flashlight app. However, the FTC did not assess any fines against the company for its privacy violations.
The FTC said Goldenshores transmitted users' location data and device ID numbers to advertising networks and other third parties without the consent or knowledge of the users.
It also accused the app maker of deceiving consumers into thinking they had the option of not sharing their data when in fact they had no control over the data. Regardless of whether users accept or reject the terms of the company's license agreement, the flashlight app would transmit location data and device ID information as soon as the consumer launched the application, the FTC said in its complaint .
"When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it," said Jessica Rich, drector of the FTC's Bureau of Consumer Protection in the statement. "But this flashlight app left them in the dark about how their information was going to be used."
Goldenshores could not be reached immediately for comment.
The FTC's actions are another indication of the growing scrutiny being given to the data collection and data sharing practices of mobile app vendors.
Numerous reports of egregious privacy violations by leading mobile application vendors prompted lawmakers to introduce a bill earlier this year that would require vendors to disclose what data they collect and how the data is share, use and stored. The bill, known as the Application Privacy, Protection and Security Act, would give the FTC the power to enforce privacy rules on mobile app vendors.
Meanwhile, states such as California have plowed ahead with enforcing privacy rules on mobile app vendors. Last year, California Attorney General Kamala Harris struck an agreement with several leading companies, including Facebook and Google, to make their privacy policies more transparent to users of their mobile apps.
The mobile industry itself has tried to stave off regulations via a multi-stakeholder initiative led by the National Telecommunications and Information Administration (NTIA). Under that effort, industry stakeholders, rights groups and Internet marketers are developing a privacy code of conduct for the mobile industry.
This article, Flashlight app vendor settles with FTC over privacy violations, was originally published at Computerworld.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Application Security in Computerworld's Application Security Topic Center.
- The DDoS Threat Spectrum Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- How to Keep Company Assets Secure with Federated Identity and Access Management This Technology Spotlight discusses the growing need for security in today's cloud-based, mobile world of IT, and the rise of SaaS-based solutions.
- Security, Privacy and Trust in Email Management This white paper discusses a SaaS-based email management solution that delivers the security, continuity and archiving capabilities your organization demands.
- Unifying Secuirty Operations Agile enterprises know that the way to quickly identify and react to threats to the business is to break down operational siloes by...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Application Security White Papers | Webcasts