Apps that collect your information and sell it on to advertisers are nothing new, but even the seediest of the bunch normally ask for your permission first. Brightest Flashlight on the other hand, had no problems selling the real-time locations of up to 50 million people who downloaded the app.
The best part is that the Federal Trade Commission (FTC) in the U.S. handed out what amounts to slap on the wrist, or maybe even a stern talking to.
GoldenShores Technologies, the one-man company that created the app, first came to the attention of the FTC in December last year. The document they released explains that the company used shaky legal terms in the End-user license agreement (EULA) to hide the app’s true intentions.
In truth and in fact, consumers cannot prevent the Brightest Flashlight App from ever collecting or using their device’s data. Regardless of whether consumers accept or refuse the terms of the EULA, the Brightest Flashlight App transmits, or causes the transmission of, device data as soon as the consumer launches the application and before they have chosen to accept or refuse the terms of the Brightest Flashlight EULA.
So before you’ve even told the app whether or not you want it to collect your information, it’s already transmitting your location in real-time to ad networks and other third parties. While it’s good news that the FTC is paying attention to this kind of underhanded activity, the punishment doesn’t seem like enough.
Erik Geidl, the maker of the flashlight app, had 10 days from the date the order was issued to delete all of the data he collected. In addition, he will have to keep records for the FTC to inspect, and tell them about any new businesses he decides to start in the next 10 years. Oh, and he can’t collect users’ geolocation data without letting them know about it first.
The financial cost for his unethical behaviour, absolutely nada.
As reported by Gigaom, the FTC said that it didn’t seek financial restitution because the app was free. That may be true, but it doesn’t change the fact that Geidl would have made a healthy sum of money selling geolocation data from 50 million people to ad networks and other third parties.
It’s not the kind of action that calls for jail time, or any other measure that would amount to ruining this particular man’s life, but how is he going to learn a lesson if he gets to keep his ill-gotten gains? At the very least, the FTC could have stripped him of his earnings from the app, which would have put him right back at square one.
While there are very few people who would argue that he deserves to the keep money, taking it all away could even be considered a second chance. There are bound to be lessons learnt from the first app that would allow him to go on and create another, just so long as it takes the morale high ground, of course.
Gigaom also suggests a name-and-shame of the advertisers who bought from Geidl, which sounds like a great idea. They tried, and probably succeeded, in making money from stolen information, which means there is no reason they should go unnoticed in all of this.
The FTC is still fairly new at this kind of thing, but if it doesn’t want to make itself look like a pushover, it needs to figure out a more effective way to punish these unethical app makers. If not, the information black market will continue to thrive and put honest app users at risk form those looking to make a quick buck.
What do you think? Was the punishment or fair, or should the FTC have been a bit more heavy handed?
Lead image by Brightest Flashlight Free