The Federal Trade Commission has settled with the makers of the Android Flashlight app, which distributed users' personal information to third parties without their permission.

The Brightest Flashlight Free app turns the user's phone into a flashlight. But it was sending a user's location and unique device identifier to third parties, including ad networks. Customers were given the opportunity to opt-out of having this information shared, but app maker Goldenshores Technologies shared that data anyway, the FTC said.

After downloading, the app presented its End User License Agreement, and users could either tap "Accept" or "Refuse" to proceed. But "the application was already collecting and sending information to third parties  including location and the unique device identifier," the FTC said.

"When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it," Jessica Rich, director of the FTC's Bureau of Consumer Protection, said in a statement. "But this flashlight app left them in the dark about how their information was going to be used."

The deal with the FTC bans Goldenshores Technologies from misrepresenting how a consumers' information is collected and shared. The company has to tell user when, how, and why their geo-location information is being collected, used and shared, and obtain consumers' affirmative express consent before doing so. Anything that has already been collected must be deleted.

The deal, or consent agreement package, is now open for public comment, after which the FTC will decide whether or not to make it final, and could impose a civil penalty of up to $16,000.

Further Reading