FTC acts against "Brightest Flashlight" app for deceptively tracking your location
We’ve written several times recently about the problems we face – whether as consumers, programmers, vendors or users – from mobile adware.
Ads in mobile apps are generally regarded with less suspicion and more tolerance than they are in desktop apps, as a sort of quid pro quo for not having to pay a monetary price to use them.
Indeed, lots of apps have a free version that is ad-supported, and a fairly inexpensive paid version that dispenses with the ads.
A few dollars, or a few ads? You choose…
Sadly, however, if you give app developers a centimetre, a few of them will take 633.6 metres. (Yes, there are 63,360 inches in a mile.)
And one example that we’ve heard lots of people use as an archetype for “going too far” is the story of the torch (flashlight) app that collected your location data.
Really? A torch that needs to know where you are? What on earth for?
So it can adapt the intensity of the light to your latitude? To tell you the number of hours until sunrise, and whether your phone battery will hold out that long?
Of course not!
The data was mined and sold to advertisers.
Sure, you could decline the data harvesting if you wanted to, at least in the Brightest Flashlight app from Goldenshores Technologies, LLC, by clicking a [Refuse] button.
But it turned out to mean REFuse in the sense of the noun meaning “garbage,” not reFUSE in the sense of the verb meaning “to say no.”
That’s because the app called home anyway, reporting both your device ID and your precise location, before you’d had time to say whether you wanted it to or not.
The good news is that the US Federal Trade Commission (FTC), which aims to protect consumers against fraud, deception, and unfair business practices, has decided that this is unacceptable.
When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it. But this flashlight app left them in the dark about how their information was going to be used.
The penalty doesn’t add up to much – it pretty much boils down to an agreement not to do it again, or else.
But it’s a start.
Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/BNUTp6aOOb8/