A flashlight app stole 50-100 million people’s location data, gets a slap on the wrist

brightest flashlight ftc punishment

Brightest Flashlight, an Android app that turns your handset’s LED camera flash into a flashlight, is a free download that has been downloaded 50 to 100 million times. It is also an app that made money not just through legitimate ads, but also by covertly selling geolocation data and device ID information to third-party advertisers. The Federal Trade Commission caught wind of the app’s antics back in December, with the FTC and the app’s developer, GoldenShores Technologies, arriving at a settlement that’s nothing more than a slap on the wrist.

The terms, which are now final, disallow GoldenShores and owner Erik Geidl from collecting location data unless they explicitly state how and why they’re obtaining it, and who will receive the information. This will likely appear in the form of a warning message as soon as you open the app.

In addition, for any data collected, they must keep records for FTC inspection and, if Geidl decides to start up a new business, he must tell the FTC about it in the next 10 years. Finally, any data collected up until now must be deleted within 10 days.

As for fines, there won’t be any. According to the FTC, because Brightest Flashlight is a free app, it did not seek to impose fines. Its justification in not doing so is faulty at best, since it ignores the fact that Geidl most likely earned income from selling geolocation data.

The unethical nature of it all should have been enough for Geidl to be fined, but the FTC instead did the equivalent of a finger wagging. The ruling certainly reads stern enough, but it doesn’t amount to a real punishment. We understand that app developers who have their apps available for free need to make money in some fashion, but this is not the way to do it.