Although Android is, due to its open source nature, seen as a target by many hackers and individuals that wish to steal information for illicit purposes, the Google Play Store is, at least in theory, as safe as most other app portals. After all, it is moderated by Google to ensure that apps comply with the rules and terms of service, and anything suspect is usually disposed of in a swift and timely manner. But one app by the name of Brightest Flashlight, which requires no further description, appears to be keeping users in the dark about how it collects user location data before sending it to third party ad firms.
The company behind Brightest Flashlight has been pulled up on it by the Federal Trade Commission (FTC), which has branded the app as "deceiving". The app is said to have “precise location” data to advertisers, along with unique device identifier data, and since the data was automatically shared before a user had an opportunity to disable the feature, it was a trapping move that, in the end, “deceived consumers.”
Brightest Flashlight is by no means rogue, but’s good to see the FTC making a stand against an app that extracts information from users without due permission. GoldenShores Technologies, the company behind the app, will now have to offer better controls and more information regarding how location data is being utilized, and must also, as part of its settlement with the FTC, remove all data collated as a result of its misdemeanor.
One thing a user of Android should familiarize themselves with is the permissions menu that pops up each and every time an app is installed. Unfortunately, most tend to ignore this and simply accept it as a formality, which to some degree, it is; but if an app purports to be a calculator yet requires permission to access your contacts or messages, there’s more than a slight chance that the developer is up to no good.
It pays to check – especially since, as aforementioned, tens of millions of users downloaded the seemingly innocent app. You needn’t be an expert, but by scanning through those permissions and making sure nothing is afoot, you could save yourself from having your details inadvertently shared using permission that you so frivolously granted.