Shedding light on what your app is up to: 3 lessons for developers

Goldenshores Technologies’ “Brightest Flashlight Free” is an incredibly popular Android app downloaded by tens of millions of consumers.  But did those people know that when they used the app, it would transmit their precise location and unique device identifier to third parties, including ad networks?  According to a lawsuit filed by the FTC, Goldenshores didn’t give people the straight story about how their information would be used and then compounded the problem by making them think they could exercise a choice about it – a “choice” that proved ineffective.

The problem started with what the company said in its Privacy Policy, available via a link in GooglePlay and on its own website.  People were told that the app would collect information periodically “to facilitate the provision of software updates, product support and other services to you (if any) related to the Goldenshores Technologies software, and to verify compliance with the terms of the License.”  Not to worry, assured the company.  We may use that information “as long as it is in a form that doesn’t personally identify you, to improve our products or to provide services or technologies to you.”

That may be what the company said, but the fact of the matter is that the app allowed the transmission to third parties, including ad networks, of the user’s precise geolocation – yes, exactly where they were located – as well as unique device identifiers.

But that’s just where the problems started.  After installing the app, users got the Brightest Flashlight end user license agreement (EULA) that again failed to disclose just how much the app shared and with whom.  At the bottom of EULA were the familiar ACCEPT or REFUSE buttons.  And here’s where things really got interesting – because even before users had a chance to click one button or the other, the app was already collecting and sharing location and identifier information to its heart’s content.

The lawsuit charges that by failing to adequately disclose those material facts to consumers, Goldenshores and Erik M. Geidl violated the FTC Act.  To settle the case, the company has agreed to provide a just-in-time disclosure that gives people the whole story about when, how, and why their geolocation information will be collected, used, and shared.  Furthermore, Goldenshores will have to get users’ affirmative express consent before doing that.  The company also has to delete any personal information collected from the millions of people who downloaded the Brightest Flashlight app.

The terms of the proposed settlement apply just to Goldenshores, but what can app developers take from the case?

Geolocation, geolocation, geolocation.  The real estate people have it right:  People really care about location, and the unauthorized disclosure and sharing of their location makes them understandably edgy.  If your app collects and shares sensitive information, it’s smart to explain what’s going on up front, using language consumers will understand.  What's more, get people’s express approval before going forward.

Button, button.  Who’s got the button?  Savvy app developers understand the importance of giving users a choice about how their information is used.  But it’s all for naught if the choice is illusory.  By featuring ACCEPT or REFUSE or similar buttons, you’re conveying to consumers they have a choice – and that you’ll abide by it.  That's a promise you have to live up to.

The best things in life are free.  Many app developers adopt a business model that allows for the distribution of their apps for free.  That can be great for consumers, of course, but it doesn’t change app developers' legal obligation to abide by well-established truth-in-advertising and privacy principles.

You can file an online comment about the proposed settlement by January 6, 2014.  To help keep your app on the right side of the law, here are two FTC titles to add to your reading list:  Marketing Your Mobile App: Get It Right from the Start and Mobile App Developers: Start with Security.

 

1 Comment

>> Leave a Comment | Comment Policy

The App developed by Goldenshores Technologies was lacking security, which easily allowed the third party to access the vital information of customers.

Thanks,
Lauree

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.