Data haul by Android Flashlight app 'deceives' millions Published duration 6 December 2013

image caption The "brightest flashlight" app was downloaded to millions of Android devices

Tens of millions of Android users have been "deceived" by a developer who covertly gathered personal data, the US Federal Trade Commission (FTC) said.

GoldenShores Technologies took ID and location data from the millions using its Brightest Flashlight app.

The developer shared the data with ad networks but did not tell users about this practice, an FTC statement said.

To settle the charges, GoldenShores has agreed to give users more control over what happens to their data.

In its statement, the FTC criticised GoldenShores for its poor privacy policy, which did not let people know that the app was logging their precise location and a unique identifier for their phone and was then sharing that information with advertisers.

'Left in the dark'

Although the free app offered people an opt-out clause, the FTC said this was "meaningless" because data from all users of the Brightest Flashlight app was shared whether they agreed or not.

"When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it," said Jessica Rich, director of the FTC bureau of consumer protection, in a statement.

"But this Flashlight app left them in the dark about how their information was going to be used," she added.

A settlement deal signed by GoldenShores tightens up its privacy policy and demands that the company change how it handles data. In particular, it must no longer misrepresent how it gathers data and whom it is shared with, and must give consumers meaningful control over what is done with the information.