An extremely popular Android app which turns users smartphones into torches “deceived” tens of millions of users by covertly sharing their device IDs and locations with advertisers.

Goldenshores Technologies LLC, the developer behind the Brightest Flashlight Free app, has agreed to settle an FTC case which alleged that the company had violated provisions of the Federal Trade Commission Act. In settling the case, the developer has agreed to give users more control over how their data is used in the future.

In its statement, the FTC said,

“The FTC’s complaint alleges that the company’s privacy policy deceptively failed to disclose that the app transmitted users’ precise location and unique device identifier to third parties, including advertising networks.”

Whilst Greenshores privacy policy had disclosed that the company could use “any” information collected via the app, it did not include provision for sharing that data with third parties.

Since being released in February 2011 the app had proven to be extremely popular with Android users. According to Google Play’s statistics it has been downloaded somewhere between 50 and 100 million times

Jessica Rich, director of the FTC’s consumer protection bureau, said:

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it. But this flashlight left them in the dark about how their information was going to be used.”

The FTC complaint also went further, noting that anyone installing the app on a device was offered a misleading choice about the data collecting capabilities of the flashlight. When they first ran the app they were presented with an End User License Agreement which provided details about the collection of information. As is normal with EULAs, consumers could then choose whether to ‘Accept’ or ‘Refuse’ the agreement.

With this app, however, the choice was totally meaningless as data was collected and then shared with third parties, irrespective of whether they agreed to the terms or not.

Under the settlement with the FTC, Greenshores will now have to tell users when, why and how their data is being collected. The app will also have to attain a positive opt in from users before collecting or sharing their data. Additionally, the company must now also delete all the data it has gathered from consumers who have already downloaded the app.

Furthermore, Erik Geidl, the managing member of Goldenshores Technologies, has been ordered to tell the FTC if he becomes employed elsewhere. The FTC did not, however, seek any form of financial restitution due, I should imagine, to the fact that the app was offered for free.

The case above will hopefully serve as a reminder to all to be careful when installing apps onto their devices. Whilst Brightest Flashlight Free was misleading when it came to declaring how data was collected, it still highlights the need to check the permissions on any apps you have installed.

Ask yourself whether your app of choice really needs to snoop around your personal information or share your geographical location. If it doesn’t, then perhaps you may want to find an alternative!