Devious app gets developers in trouble with FTC

Your mother was right, honesty is the best policy ... even when it comes to apps

My mother, and probably yours too, always said "honesty is the best policy" and over 35 years in business I've become a firm believer in the values of honesty and transparency ... lies, dissembling, and sins of commission and, most importantly, ommission almost always have consequences that have to be dealt with and always to your disadvantage. 

So, when you offer software that does things its users don't know about and that software becomes popular it's pretty much guaranteed that you will eventually be found out and get into trouble ... which is just what happened to Goldenshores Technologies over their Android app "Brightest Flashlight Free".

It turned out that while the app did, as claimed, provide a flashlight function by switching on the smartphone's LED flash at the same time it collected geolocation data and device identifiers that allowed users to be tracked then shared that data with third party ad networks. 

This behavior was eventually discovered and the Federal Trade Commission (FTC) swung into action and on December 5 announced a  Consent Order regarding Goldenshores Technologies.

This action by the FTC is particularly noteworthy because as explained by Reed Freeman and Adam Fleisher in a posting on the Morrison & Foerster Socially Aware blog:

... the FTC's theory is that the company's alleged violation ... resulted not out of an affirmative representation regarding its app alleged to have been deceptive, but from an alleged material omission, and from an allegation that whatever disclosures there were did not rise to the required level of prominence because they were in the privacy policy and EULA only.

These chaps are lawyers so let me bottom-line all that "alleged this" and "alleged that": It wasn't what Goldenshores disclosed that got them into trouble but rather what they didn't disclose. 

The MoFo blog (yep, these lawyers have a sense of humor) continues:

What makes this Order unique, however, is the specificity the FTC provides with regard to the disclosures Goldenshores must make about the collection and use of precise geolocation information in its apps.  The Order requires a notice that goes significantly beyond the typical boilerplate "just-in-time" opt-in notice that apps typically use to obtain consent for the collection of precise geolocation information.  In this case, the separate out-of-policy just-in-time notice and opt-in consent that the app must provide prior to collecting precise geolocation information must include a disclosure that informs the user:

(1)  That the application collects and transmits geolocation information;

(2)  How this information may be used;

(3)  Why the application is accessing geolocation information; and

(4)  The identity or specific categories of third parties that receive geolocation information directly or indirectly from the app.

As the MoFo post points out, "this could perhaps be an indication of where the FTC expects the entire industry to go in the near future" and rightly so; tolerating any kind of deviousness in collecting consumer data is a slippery slope that the more unscrupulous Internet advertisers and marketers would be guaranteed to take advantage of.  

So, my mother, and yours, was right: Honesty is, as always, the best policy and, when it comes to what your software does, it's a great way to avoid having the FTC breathe down your neck.

Confessions below or to then follow me on, and Facebook.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10