{"id":20815,"date":"2013-12-23T14:11:53","date_gmt":"2013-12-23T19:11:53","guid":{"rendered":""},"modified":"2014-04-03T15:19:41","modified_gmt":"2014-04-03T19:19:41","slug":"goldenshores-case-demonstrates-flaws-in-current-mobile-privacy-practices","status":"publish","type":"insight","link":"https:\/\/cdt.org\/insights\/goldenshores-case-demonstrates-flaws-in-current-mobile-privacy-practices\/","title":{"rendered":"Goldenshores Case Demonstrates Flaws in Current Mobile Privacy Practices"},"content":{"rendered":"
Earlier this month, the FTC announced a settlement with Goldenshores<\/span> Technologies<\/a>, the developer behind Brightest Flashlight Free, a popular flashlight app for Android. The app allows the user to keep the camera flash and screen illuminated so that it functions like a flashlight. Pretty useful, but there was one small problem: the app also transmitted the phone\u2019s geolocation<\/span> and device identifier to third parties without notice to users in the privacy policy or the app\u2019s promotional pages.<\/p>\n There has been an unfortunate trend of mobile apps failing to accurately disclose data collection practices, and the FTC has taken steps to seek enforcement actions against companies that make such misrepresentations that violate the FTC Act. In February, the Commission reached a consent order with Path<\/a>, which had collected users\u2019 address book data without notice. As we discussed at the time, the Path settlement provided a clear signal to developers<\/a>\u00a0that collecting user data absent notice and consent was an obvious violation of the FTC Act\u2019s ban on deceptive trade practices. The Goldenshores case also emphasizes that neglecting to make statements in app privacy policies can be a deceptive act under the FTC Act \u2013 providing a clear signal to developers that they should be accurate in their disclosures and comprehensively describe what types of data an app collects.<\/p>\n Given how app stores and mobile platforms work, upfront disclosures regarding data collection, use, and retention are particularly important. When consumers browse through the Google Play store or Apple\u2019s App Store, they see a description of the app, its services, and ratings and reviews. Google Play and the App Store also include links to privacy policies for each app, but because such policies are often long, legalistic, and difficult to comprehend, app users may not have much advance notice before installing an app of what data could be collected. While users can uninstall apps or modify permissions after installing them, in some instances that may be too late. According to the FTC\u2019s complaint<\/a>, the flashlight app presented users with a choice regarding acceptance of the license agreement, which allowed Goldenshores to collect and use data prior to being able to use the app. However, by the time users were presented with this choice, the app was already collecting, using, and transmitting data. Therefore, users who downloaded the app but did not to allow Goldenshores access to any data were presented with a false choice, as the app was already collecting and using data before the choice was even presented. Moreover, the license agreement, as discussed above, failed to disclose the collection and transmission of location data to Goldenshores and third parties.<\/p>\n