icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
6 Dec, 2013 11:27

Flashlight bug: Phone app spied on users for ad networks

Flashlight bug: Phone app spied on users for ad networks

A tiny free app for Android devices turned them into a flashlight, but also secretly collected users’ location and device IDs to sell to mobile ad firms, the US Federal Trade Commission alleged. The app’s maker has agreed to settle compensation claims.

As many as 100 million people who installed the "Brightest Flashlight Free" app on their mobile phones and other devices were subject to the dubious practice. The FTC acted to investigate after complaints from tech-savvy users who wondered why a flashlight app would need to know a phone’s location.

Goldenshores Technologies, an Idaho-based firm behind the free app, was collecting the data to sell to third parties, including mobile advertising networks, the FTC alleges. The information included the location of the device and its unique ID. The harvesting started even before a customer had a chance to read and accept or reject the app end user agreement.

While the privacy policy of the company mentions collecting the data, it falsely claimed that it would not be used outside of the company, the FTC said. Moreover, the app had an option not to share users’ information, but doing so did not stop its collection.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “But this flashlight app left them in the dark about how their information was going to be used.”

The settlement terms prohibit Goldenshores Technologies from deceiving its users and demands that it clearly explains when, how, why their data would be collected. The company is also ordered to delete any personal data it may store, which was acquired so far. The FTC said it did not seek financial restitution because the app was free. The settlement is to come into force in early January, unless contested.

Mobile customer geolocation data is of much worth to advertising networks, which can use it to profile people and target them with personalized ads. The business is still in its infancy, but booming, with a growth of 145 percent over the first six months of 2013, according to the Interactive Advertising Bureau, a trade group for online advertisers.

But the amount of detail about people’s lives, which the practice gives to companies, is ringing alarm bells for privacy activists.

“The blending of data sounds like a futuristic thing, but it’s really starting to happen, and the amount of data being created from smartphones makes it even easier,” Nicole Ozer, from the ACLU office in San Francisco, told The Washington Post. “These are mainly free apps but are costing people when it comes to their personal and sensitive information.”

Several legislative initiatives aimed at curbing geolocation data harvesting have been introduced in the US Congress over the last years, but some lawmakers are reluctant to restrain the growing mobile ad industry.

“Despite heightened privacy concerns these days, I doubt Congress will clamp down on location-based tracking. Republicans in particular aren’t likely to support new regulation of a booming corner of the economy like online advertising,” said Paul Gallant, an analyst at Guggenheim Securities.

Similar confrontations are likely to unfold over other areas of technology that expose people’s information to tech firms. Advertisers make use Internet browsing histories, search quarries, social networking profiles and connections, among other data.

Podcasts
0:00
26:13
0:00
24:57