Feeds

back to article FTC torches Android flashlight app for spying on users

The US Federal Trade Commission (FTC) has announced a clampdown on an Android developer accused of covertly harvesting and selling user locational data. The FTC said that it has reached a settlement with Goldenshores Technologies, a US developer behind the "Brightest Flashlight" mobile application, a free download which the FTC …

COMMENTS

This topic is closed for new posts.
Silver badge
Big Brother

Sue! Sue I say...

Goldenshores should sue the American Government for being uncompetitive and monopolistic.

How dare they limit unauthorised tracking of everybody to just themselves.....

6
1
Anonymous Coward

Well well well

If a little flashlight developer does this I am sure there are others just as ruthless in their programming to harvest the details of users.

'Free' always has a cost, watch this space.

2
1
Silver badge

Post Install Permission Denial

Cyanogenmod has it, Google. Why don't you?

18
0

Re: Post Install Permission Denial

They do.

App Ops permission screen is included (but hidden) in 4.3 and above.

http://www.zdnet.com/hidden-android-feature-allows-users-to-fine-tune-app-permissions-7000018944/

Use at your own risk.

Personally I read the permissions on install, and if the app is unreasonable I cancel the install.

12
1

Re: Post Install Permission Denial

They are keeping it quiet because it allows you to diable adverts on many apps by turning off internet access... I'm sure they will eventually fix it by creating a core google ad serving app in the device OS so the front end app can get adverts locally.

1
0
Silver badge

Re: Post Install Permission Denial

They removed it in KitKat, but there's an app called App Opps which puts it back.

Part of the complaint was that the app did stuff before the EULA was read, so a post-install solution won't work (unless it disables everything on newly installed or updated apps, which would be a pain). Instead of installing and then seeing what the app does, we should assume that if it asks for permission to do something, it will do it. So if a torch needs to know your device ID and location and needs to be able to send data, just assume it's going to send your ID and location to someone. And then get a different app. An EULA just lets them hide behind a few pages of legalese which nobody will ever read.

3
0
Big Brother

Re: Post Install Permission Denial

I make exactly that assumption, and I make use of App Ops. I'm quite sure that should Google remove that, it'll live on in at least Cyanogenmod.

0
0
Bronze badge

Seriously?

"But this flashlight app left them in the dark..." Sounds like a broken app to me. :p

6
0
Flame

Re: Seriously? @Neoc

Upvoted, because without your comment I would never have got that clever and ruthlessly subtle pun...

0
0

Glad they are getting shut down

But why would anyone install a flashlight app that required the "Location" permission, (and full network access presumably)?

Fully agree with M Gales' post above.

9
1
Bronze badge

Re: Glad they are getting shut down

Agreed. Ive removed plenty of apps form my phone because they were benign to start with, but the latest "update" starts asking for all sorts of permissions on location, dialing access, network access, read contact info, the lot. I dont just refuse the update, I remove the older version, and proceed to downvote the hell out of them in the marketplace.

11
1
Bronze badge

Re: Glad they are getting shut down

Wish I could do that too, but nowadays to vote you need a Google Minus account "so it's easier to see opinions from people you care about".

Thankfully, I do have LBE Privacy Guard to prevent applications like this from running amok.

0
0
Bronze badge

Re: Glad they are getting shut down

Full network you kinda understand if it is ad supported, but location is pushing a bit far.

0
0
Bronze badge
Flame

Re: Glad they are getting shut down

I have about 13 apps in my update queue (and that's exactly where they'll stuck staying forever as far as I'm concerned - or at least until I figure out how to unlink them from the market...) exactly because of starting to ask for permissions I have no intention whatsoever granting them.

Funny though how some browsers think they're exempt - just look at what Opera mobile requests (getting all offended on anyone who asks why) - or easier perhaps, at what it doesn't. And frankly, I'm NOT down at all with Firefox now asking to "take pictures and videos / record audio" either.

0
0
Silver badge

Re: Glad they are getting shut down

"Glad they are getting shut down "

But they aren't - the company are still in business, there's no fine mentioned. All this amounts to is a legally enforceable "cease and desist", with no real punishment. So the message from the FTC is "do what you want so long as you aren't caught, if you are caught there will be no penalty other than to require you to do what you should have been doing in the first place".

Google are no better - they need to ban this company from the Play store and automatically delete the app from user devices if they want to make Play a trusted resource, and make a big song and a dance about the fact to encourage other developers. I don't mind apps wanting to harvest data in return for use of the app, so long as I know up front, and can make an informed choice (which in this case would be a firm "no").

3
0

Re: Glad they are getting shut down

Yup - should have been fined into bankruptcy...

0
0
Anonymous Coward

Re: Glad they are getting shut down

>But why would anyone install a flashlight app that required the "Location" permission

...the logic would probably go along the lines of....'ah yes, helps you find it in the dark'.

0
0
Pint

Re: Glad they are getting shut down

Interesting re. downvoting. You also comment on exactly why you've downvoted…?

There are some where I've just kept the old version around. Reasons vary, but generally centre around “it's useful”, “the alternatives don't do what I want” and “the alternatives may be better, but they want even more access”.

0
0
Bronze badge

Shrink Wrap EULA's you had to read before opening the box to get it?

One had to read before opening the box to get to it. This isn't, but it's better, much better. Let's call it "Shriek Wrap" -- and it lights you up on a map.

0
0
Silver badge

Free.

"The FTC said that it has reached a settlement with Goldenshores Technologies, a US developer behind the 'Brightest Flashlight' mobile application, a free download which the FTC said had been installed on 'tens of millions' of Android devices."

So not really "free" then.

0
0
Bronze badge

Not too bright ?

Why would you download a flashlight app in the first place -- hell of an expensive torch when you consider the wear on the battery and the replacement cost ?

As for these crumbs who hoover up private data without permission, they deserve a good kicking.

0
0

Re: Not too bright ?

Simple - people usually carry a phone on them, but rarely a torch. If you need a torch at short notice, it's usually easier to grab the phone and use it vs finding a real torch.

2
0
Silver badge

Re: Not too bright ?

"Why would you download a flashlight app in the first place -- hell of an expensive torch when you consider the wear on the battery and the replacement cost ?"

Easy. Because on any decent smartphone the LED gives much better illumination than an incandescent torch bulb, is more compact, rechargeable, and is with you most of the time. I've got an LED Maglite 2D which can put a spotlight on something a third of a mile away, but it's hardly pocketable, so I don't have it with me very often. Likewise, I've got a proper camera, but that doesn't invalidate the benefit of the one on my phone. Given the occaisional use the impact on battery life or durability is negligible. Obviously those who choose to buy a phone with a non user-replaceable battery might wish to be a bit more paranoid, but even for them I don't think it would be harmful - day to day use as a phone and communicator will knock 40% off your capacity in two years.

I struggle to understand why you wouldn't have a torch app. Been using Tiny Flashlight by Nikolay Ananiev for the past two years and it works for me.

2
0
Bronze badge
Trollface

Colour me impressed...

... much as I hate the idea of personal data being sold, I'm actually quite impressed that a developer has found a way of making some reasonable money out of Android without needing a lucky break or a leg-up from an iOS port...

0
3
Silver badge

Re: Colour me impressed...

You should check out the install numbers on some of the launcher apps, widgets, ROM managers and things like Tasker. Stuff the Iphone can't do makes a ton of money.

0
0
Silver badge

"a user's preferences not to have their data shared were ignored"

So an app can tell you (or not) what it is going to do, then proceed to do whatever it wants anyway ?

That is just ridiculous. I should have the possibility to DENY access to a functionality for an app and the app should not have the possibility to ignore that.

Google, please fix that. NOW.

0
0
Slx

I'm getting a bit sick and tired of this kind of stuff.

A very large number of people are not all that tech-savvy and won't notice that some app is looking for ridiculous permissions.

Also, most currently installed versions of Android do not let you block those permissions. It's an all or nothing approach.

It's one of the issues that's starting to really put me off Android.

2
0

LED Lamp

I've only ever used the LED Lamp app, requiring no silly permissions. Though of course that wasn't enough to stop some daft reviewer at one point claiming it was spying by needing camera permissions - required to activate the flashlight, duh.

0
0

/walks in, looks around.

"Great world you've built here Android."

/shakes head, leaves.

Down vote if you like this. :-)

0
0
This topic is closed for new posts.