Android user data stolen by flashlight app

Millions of Android users have had data stolen after the developer used a flashlight app to covertly steal personal data.

The US Federal Trade Commission [FTC] revealed that GoldenShores Technologies stole identification and location data from millions of Android device owners using its Brightest Flashlight app.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “But this flashlight app left them in the dark about how their information was going to be used.”

The FTC alleges that GoldenShores broke the rules as it passed on information to advertising agencies without informing its users that were led to believe that it was only the firm that was using the information. The app also gave consumers the option to not share location and identification data even though the information was shared automatically regardless of the user’s decision to opt out.

GoldenShares has already settled with the FTC regarding the complaint and will have to give users more control over what happens to data as a result. The firm’s privacy policy will be tightened up and the FTC has forced it to change the way it handles all data.

In particular the FTC made GoldenShares promise to provide a just-in-time disclosure that requires it to inform consumer when, how, and why geolaction information is being collected used and shared. The company then has to obtain the express consent from the user before doing anything with the data.

Any personal information collected by the Brightest Flashlight app must also be deleted straight away and the FTC reached agreement with GoldenShares after they voted 4-0 to adopt the measures put forward.