FTC acts against "Brightest Flashlight" app for deceptively tracking your location


We've written several times recently about the problems we face - whether as consumers, programmers, vendors or users - from mobile adware.

Ads in mobile apps are generally regarded with less suspicion and more tolerance than they are in desktop apps, as a sort of quid pro quo for not having to pay a monetary price to use them.

Indeed, lots of apps have a free version that is ad-supported, and a fairly inexpensive paid version that dispenses with the ads.

A few dollars, or a few ads? You choose...

Sadly, however, if you give app developers a centimetre, a few of them will take 633.6 metres. (Yes, there are 63,360 inches in a mile.)

And one example that we've heard lots of people use as an archetype for "going too far" is the story of the torch (flashlight) app that collected your location data.

Really? A torch that needs to know where you are? What on earth for?

So it can adapt the intensity of the light to your latitude? To tell you the number of hours until sunrise, and whether your phone battery will hold out that long?

Of course not!

The data was mined and sold to advertisers.

Sure, you could decline the data harvesting if you wanted to, at least in the Brightest Flashlight app from Goldenshores Technologies, LLC, by clicking a [Refuse] button.

But it turned out to mean REFuse in the sense of the noun meaning "garbage," not reFUSE in the sense of the verb meaning "to say no."

That's because the app called home anyway, reporting both your device ID and your precise location, before you'd had time to say whether you wanted it to or not.

The good news is that the US Federal Trade Commission (FTC), which aims to protect consumers against fraud, deception, and unfair business practices, has decided that this is unacceptable.

The FTC has reached a settlement - a so-called consent decree - with the makers of this info-grabbing app, officially labelling them in its press release as "deceivers", and saying:

When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it. But this flashlight app left them in the dark about how their information was going to be used.

The penalty doesn't add up to much - it pretty much boils down to an agreement not to do it again, or else.

But it's a start.


14 Responses to FTC acts against "Brightest Flashlight" app for deceptively tracking your location

  1. Mark · 138 days ago

    A slap on the wrist with a wet bus ticket is tantamount to approval. It really means "Don't get caught". Are any of the US agencies above board?

  2. Malcolm Curson · 138 days ago

    A mile does not equal 633.6 metres because a metre is not 100 inches.

    • Paul Ducklin · 137 days ago

      But an inch is to a mile (1:63,360, the old scale UK Ordnance Survey maps) as a centimetre is to 633.6 metres. So "to give an inch and take a mile" translates that way in relative terms.

      Maybe it isn't that amusing after all. You can write it off as a divisory joke if you wish.

      • Anonymous · 137 days ago

        Maybe it isn't... Maybe it isn't....

      • MikeP_UK · 135 days ago

        A mile is 63360 inches and 1 inch is 2.54 cm, so a mile is 1,609.344 metres. Sorry, your calculation logic is not correct. You should have related a cm to a metre, but that is not how it is presented.
        I didn't laugh!

        • Paul Ducklin · 135 days ago

          The expression is, "to give an inch and take a mile." In other words, to take 63,360 times as much as you were given. That is the same as saying, "to give 2.54cm and take 1609.344m."

          Now divide both sides of the give in centimetres/take in metres ratio by 2.54 so you get the number of metres relative to 1cm.

  3. Anonymous · 137 days ago

    What's the most effective way to prevent something like this from happening on a rooted Android phone? Would a firewall app help?

    • Paul Ducklin · 137 days ago

      Check the "App Info" of an app before you run it for the first time. If there's an obvious "impedance mismatch" between the permissions it requires and what it is supposed to do (geolocation for a *torch*?) then bin it, or ask around before using it. A decent vendor with a decent app will give you a straight answer.

      Also, many Android anti-viruses, like Sophos's, have a "detect PUAs" option to block software that isn't strictly malware, but has to be considered a Potentially Unwanted App.
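
The permission-versus-purpose check described in the reply above, sketched as an added example that is not part of the original article or its comments. It reads permission lines in the style printed by `aapt dump permissions`; the package name, the sample dump and the "what a torch needs" baseline are all assumptions made for illustration.

```python
import re

# Constructed sample in the style of `aapt dump permissions <apk>` output.
# The package name is hypothetical. Newer aapt builds print name='...',
# older ones print the bare permission name, so both forms appear here.
SAMPLE_DUMP = """\
package: com.example.torch
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.FLASHLIGHT'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: android.permission.READ_PHONE_STATE
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
"""

# Assumed baseline: what each kind of app plausibly needs (a judgement call).
EXPECTED = {
    "torch": {"android.permission.CAMERA", "android.permission.FLASHLIGHT",
              "android.permission.WAKE_LOCK"},
}

# Permissions exposing location or device identifiers, the two things the
# article says the app reported home.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.READ_PHONE_STATE": "device identifiers",
}

_LINE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)")

def parse_permissions(dump):
    """Return the requested permissions in order, without duplicates."""
    perms = []
    for line in dump.splitlines():
        m = _LINE.match(line.strip())
        if m and m.group(1) not in perms:
            perms.append(m.group(1))
    return perms

def audit(dump, purpose):
    """Flag permissions outside the baseline for the app's stated purpose."""
    requested = parse_permissions(dump)
    unexpected = [p for p in requested if p not in EXPECTED[purpose]]
    findings = [(p, SENSITIVE[p]) for p in unexpected if p in SENSITIVE]
    # Sensitive data plus network access means the data can leave the device.
    return {"unexpected": unexpected, "sensitive": findings,
            "can_phone_home": bool(findings)
            and "android.permission.INTERNET" in requested}
```

Calling `audit(SAMPLE_DUMP, "torch")` reports the location and phone-state permissions as sensitive mismatches and, because network access is also requested, marks the app as able to send that data off the device.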

  4. PE · 137 days ago

    Almost 90% of the apps already on a Samsung Galaxy 4 state the app is "allowed" to look at, change, delete your contacts, Send messages, email, txt WITHOUT your knowledge or permission !!!

    WE the OWNER should be able to deny that part of the usage but cannot .. The other bad thing is not being able to delete these apps from the phone easily ..

    • Paul T. · 134 days ago

      I'd more prefer to be able to change app permissions, much like firewall software can block phoning home for PCs. This is not new practice, as a Lexmark printer I had ~10y ago kept reinstalling a phone home executable.
      Of course, the ability to change app permissions might open the capability for apps to do that to each other....

  5. Anonymous · 135 days ago

    Fail - Sadly, however, if you give app developers a centimetre, a few of them will take 633.6 metres. (Yes, there are 63,360 inches in a mile.)

    There are - 1 609.344 metres in a Mile

    • Paul Ducklin · 135 days ago

      Yes, that follows precisely from the statement you quoted, namely that there are 63,360 inches in a mile. Therefore, since there are exactly 2.54cm in an inch, there are exactly 1609.344 metres in a mile. So you are 100% correct, except for the word "fail," which is 100% wrong.

      Here you are:

      1 mile / 1 inch = 63,360 (the units of distance cancel out to leave a dimensionless number)
      633.6m / 1cm = 63,360 (ditto)

      • Jim · 135 days ago

        Keep the dimensions; it's messing you up to pull them:

        You could have said 63360 inches, or 1609.344 meters. However, you conflated the numbers with the dimension: 633.6 and meters. (i.e. you used 63360 inches / 100, but tacked on meters at the end instead of 100-inch increments).

        That's OK. In Star Trek TOS they managed to go "halfway across the galaxy" in minutes @ warp 10. Even the sainted writers of Star Trek messed up on occasion.

        Keep up the good work, but realize that your techie audience is GOING to catch you.

  6. I'm deinstalling this app right now.


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog