×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FTC Drops the Hammer On Maker of Location-Sharing Flashlight App

Soulskill posted about 5 months ago | from the permissions-permissions-permissions dept.

Privacy 187

chicksdaddy writes "The Federal Trade Commission announced on Thursday that it settled with the maker of 'Brightest Flashlight Free,' a popular Android mobile application, over charges that the company used deceptive advertising to collect location and device information from Android owners. The FTC says the company failed to disclose wanton harvesting and sharing of customers' locations and mobile device identities with third parties. Brightest Flashlight Free, which allows Android owners to use their phone as a flashlight, is a top download from Google Play, the main Android marketplace. Statistics from the site indicate that it has been downloaded more than one million times with an overall rating of 4.8 out of 5 stars. The application, which is available for free, displays mobile advertisements on the devices it is installed on. However, the device also harvested a wide range of data from Android phones which was shared with advertisers, including what the FTC describes as 'precise geolocation along with persistent device identifiers.' As part of the settlement with the FTC, Goldenshores is ordered to change its advertisements and in-app disclosures to make explicit any collection of geolocation information, how it is or may be used, the reason for collecting location information and which third parties that data is shared with."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

187 comments

Location obviously needed (5, Funny)

Imsdal (930595) | about 5 months ago | (#45618679)

But if the app doesn't know your location, how would it possibly know where to provide the light?

Marketing (0)

Anonymous Coward | about 5 months ago | (#45618861)

Hi, I'm an Silicone Valley entrepreneur. We use that data for this innovative app we have.

See, by getting your location, browsing and every other piece of personal information we can possibly get from you device, we can then push to your device information that you would be interested in. Of course, (1)some of this information would be products that you may be interested in buying from our partnered (2)certified suppliers.

And we absolutely will NOT share your information without your permission(3).

...

1 . By "some" we mean all.

2. certification - they pay us and we pimp your data.

3. By using our app, you opt-in and there's no way to turn it off and we sell it to anyone who forks over the cash.

-Yours, your typical Silicone valley Lamoe company.

Re:Location obviously needed (0)

Anonymous Coward | about 5 months ago | (#45619095)

trash. you own how many cell fones? you think this app is the only thing against you? and that you
wont fall prey to it? it aint alone. its the lowest common denominator attacking.

what about the greatest? what about the corporate champions. you laugh but your owned.

Re:Location obviously needed (0)

Anonymous Coward | about 5 months ago | (#45619793)

Just because you don't have a cell phone and have disdain for those that do doesn't mean that you can't learn a bit of grammar and punctuation.

Just sayin'...

Re: Location obviously needed (5, Insightful)

iamhassi (659463) | about 5 months ago | (#45619731)

Have to wonder how many other apps are doing this that have not been caught yet

Re: Location obviously needed (1)

Anonymous Coward | about 5 months ago | (#45619911)

All of them...

This app never seemed necessary (0)

SternisheFan (2529412) | about 5 months ago | (#45618687)

Whenever I need quick light I just go to an all white screen on my phone. Why would you ever need an app for this?

Re:This app never seemed necessary (2)

oodaloop (1229816) | about 5 months ago | (#45618727)

It's for the LED flash next to the camera, which is much brighter than a white screen.

Re:This app never seemed necessary (0)

Anonymous Coward | about 5 months ago | (#45618733)

Most Android devices have an extremely bright white LED on the back of the device, which is used as a camera flash. It's typically much brighter than an all-white screen. Apps like this (and ROMs like CyanogenMod) provide an interface to turn this light on and off without having to enable the camera.

Re:This app never seemed necessary (2)

locopuyo (1433631) | about 5 months ago | (#45618755)

Doesn't your phone have a camera flash that can be used as a flashlight and works just as well? I think this has been standard for the past 5 years, and most phones have a flashlight app that comes on the phone.

Re:This app never seemed necessary (1)

SternisheFan (2529412) | about 5 months ago | (#45619023)

Doesn't your phone have a camera flash that can be used as a flashlight and works just as well? I think this has been standard for the past 5 years, and most phones have a flashlight app that comes on the phone.

I'm still on an older Virgin Mobile economy froyo phone (Optimus V), no flash. It's tough as hell, still works after many drops to concrete and one fall into a creek. I figure why upgrade while this one is still working fine. It gets the internet when I need to googlemap something, functions as an mp3 player, and the phone's mike/speaker still function.

Well, that said, I guess I gotta' go shave my neck now...

Re:This app never seemed necessary (1)

Anonymous Coward | about 5 months ago | (#45619587)

There are a couple of kids on your lawn too.

Re:This app never seemed necessary (4, Insightful)

safetyinnumbers (1770570) | about 5 months ago | (#45619281)

I just hold down the lock switch for a second to turn on the LED, it's a built-in feature on my Nokia.

But why doesn't Android sandbox apps in a way that the app is unaware of? Just present all apps with an empty contact list, a fake GPS location, an empty drive, etc and the user grants permissions to substitute the real ones as needed. That way, all apps could be installed and you'd get a popup such as "this app wants your location" in a similar way to IOS, only this way the app would keep working if you said no.

Re:This app never seemed necessary (2)

mlts (1038732) | about 5 months ago | (#45619431)

There used to be a utility called LBE Privacy Guard which did exactly this in earlier versions of Android, and on jailbroken iPhones, a utility called PMP (protect my privacy.) If the app wants contacts, it gets randomly generated cards. Songs, similar. Location, it gets where you select. Photos? Fake photos or an empty drive, ad id? Randomly generated.

Only thing is that LBE Privacy Guard has not been updated for the past few versions of Android.

Pretty much, one's best defense against a rogue fleshlight app is to have a firewall program like Droidwall or its successors and block the app from communicating on any interface.

Re: This app never seemed necessary (2, Informative)

iamhassi (659463) | about 5 months ago | (#45619761)

iPhone doesn't need it since every app has to be approved by Apple themselves before hitting the appstore and iOS doesn't allow access to contacts or locations without a large popup saying "do you want this app to access (blank)?" Which you can turn off anytime in settings. There are some advantages to a walled garden

Re:This app never seemed necessary (2)

Archangel Michael (180766) | about 5 months ago | (#45619291)

Indeed, why do you need an APP for this. My ROM (CM 10.2) has a "torch" function built in. Why would you need an app for it?

This is not an Android problem this is a problem with crappy carrier priorities. Must bundle crap nobody wants, and not include the obvious highly requested features.

Re:This app never seemed necessary (3, Insightful)

Solozerk (1003785) | about 5 months ago | (#45619473)

The "built-in" torch function you're talking about in CM is an app. It's open source - see here: https://github.com/CyanogenMod/android_packages_apps_Torch [github.com] .

You make it an app because it makes no sense to integrate such a feature directly in the OS/ROM - it would take longer, and that way you can update it and have additional features (morse code flashing, for example).

What baffles me is why people would install an app named "Brightest Flashlight Free" (name sounds like a moron-magnet), which probably require network access and include ads, when there are tens of ads-less Open-Source alternatives in the Google market as well as outside it.

Re:This app never seemed necessary (0)

Anonymous Coward | about 5 months ago | (#45619591)

What baffles me is why people would install an app named "Brightest Flashlight Free" (name sounds like a moron-magnet), which probably require network access and include ads, when there are tens of ads-less Open-Source alternatives in the Google market as well as outside it.

It's always at the top of the list in the freeapps category, so people assume it's fine to download.

As a user (-1)

Anonymous Coward | about 5 months ago | (#45618703)

Not sure what to say, Is thier anything We can do about this? Been useing this application for a long time now,not knowing that this company has essentially been selling our personal information illegally, is there no action we as suers can take against Them?

Re: As a user (1)

Anonymous Coward | about 5 months ago | (#45618745)

Four keywords: cyanogenmod with p-droid patch

Re:As a user (1)

Krojack (575051) | about 5 months ago | (#45618791)

When you installed it, didn't you look at the list of what it has access to? If I saw it wanting to get my location I would have stopped right there and not installed it. No flashlight app needs to know my location to work.

Re:As a user (3, Insightful)

MachineShedFred (621896) | about 5 months ago | (#45618809)

I think at this point, the default mode for most Android users is to just allow, as most apps have a laundry list of things they want access to. It's probably the second-least read message from an app install of all time (first being the EULA).

No, that is not wise. But people aren't always wise.

Re:As a user (2)

CubicleZombie (2590497) | about 5 months ago | (#45619581)

When I read the access request for any Android app, I end up declining. SD card, network, contacts, and location access, for a kitchen timer? No thanks. That's why I have no apps on my phone and why I miss my Startac.

And I just don't have the time to mess around with custom roms or rooting the phone.

Re:As a user (1)

hawguy (1600213) | about 5 months ago | (#45620041)

When you installed it, didn't you look at the list of what it has access to? If I saw it wanting to get my location I would have stopped right there and not installed it. No flashlight app needs to know my location to work.

Many ad supported apps want your location so they can serve geo targeted ads.

Though there are plenty of free non, ad-supported flashlight apps. The only permission the app I'm using has is the ability to access the camera.

Re:As a user (0)

Anonymous Coward | about 5 months ago | (#45618935)

1) Uninstall this app
2) Install F-Droid [f-droid.org] . Use that as your go-to source for apps.
3) Use a spyware-free flashlight app from there.

Re: As a user (0, Flamebait)

iamhassi (659463) | about 5 months ago | (#45619795)

I'm going to get flamed for this, but.... buy an iPhone? can't happen in iOS, apps can not access contacts or location without asking first, the operating system won't allow it, and you can remove the access anytime in settings. I know, flame on, but if this was Windows and someone said how can I stop getting viruses and someone recommended Linux it would be +5 insightful

Well now... (0, Offtopic)

Anonymous Coward | about 5 months ago | (#45618741)

The government has a lot of balls pointing fingers like that...

Re:Well now... (0)

Anonymous Coward | about 5 months ago | (#45618889)

The government has a lot of balls pointing fingers like that...

Governments can't stand competition...

capcha: vassal :-/

Re:Well now... (1)

minstrelmike (1602771) | about 5 months ago | (#45618955)

The government has a lot of balls pointing fingers like that...

I don't believe it is fingers that they are pointing.

Re:Well now... (0, Offtopic)

Anonymous Coward | about 5 months ago | (#45619027)

It seems that you have a problem understanding aristocracy. The government is the new aristocracy. We The People have let it happen by becoming big party shills. The last two administration have done everything short of opening concentration camps for undesirables and still we fuss more of Miley Cyrus and Paul Walker than we do over what our overlords have become.
 
Give it about two more administrations... the powers that be will have us paying at least 50% more in tribute, health insurance will be government run which will make it more costly and less effective and the citizens will have access to nothing more powerful than a child slingshot while the police and military will become one and the same... and they'll have all kinds of nifty toys to beat you down with if you don't comply with their demands, lawful or not.
 
Orwell couldn't have imagined something as totalitarian was what we'll be the victims of in the next two decades.

"The Government" (0)

Anonymous Coward | about 5 months ago | (#45619453)

The government has a lot of balls pointing fingers like that...

Strange thing about the (US) government: it's friggin' huge, with millions upon millions of people working for hundreds, if not thousands, of departments, agencies, and bureaus. They don't all want the same things; sometimes, different departments and agencies want diametrically opposed things. Some of them are charged with spying on group A, some with protecting the privacy of group B, and vice versa.

(Many people would argue that this is a major a problem. Other people would argue that this is by design. And some in the first group would argue that that is the real problem. At which point, some in the second group would allege that they, in fact, are the problem. After that, both groups just start arguing about the health care law.)

Security model (3, Interesting)

Anonymous Coward | about 5 months ago | (#45618753)

If someone still says that Android's (or IOS I suppose) security model isn't completely broken...

Why can't the user choose to disable networking on a per-app level?

Re:Security model (4, Informative)

MachineShedFred (621896) | about 5 months ago | (#45618825)

On iOS, you do have granular permissions - if an app requests your location, you can say no, and the app can go fuck itself - the API doesn't give it shit. It's not all-or-nothing.

Disabling data access per app is a different story though, so your point still stands.

Devil's Advocate.. (0)

Anonymous Coward | about 5 months ago | (#45619029)

Even if application permissions were granted individually and even if application developers wrote their code in such a way that the application would behave as normally as possible without them, what's there to stop them from sabotaging the application in another manner until it's granted the permission they want? For example, let's say an application requests location access, and until it's granted, it simply "decides" not to work. Another example, one that cannot be simulated, is network access. Rinse, wash, repeat.

Re:Security model (2)

Concerned Onlooker (473481) | about 5 months ago | (#45619091)

"Disabling data access per app is a different story though, so your point still stands."

On iOS 7 you can do this, but only if you're not using wifi. In the prefs you can turn off cellular data access on a per app basis. You can also see how much of your cellular data plan each app is eating.

Re:Security model (0)

Anonymous Coward | about 5 months ago | (#45619277)

Android 4.3 and 4.4 have granular permissions. App Ops, which is just a tiny download from the play store.

Furthermore, there are perfectly good non-permissions-needing flashlights on Play, like TeslaLED.

Re:Security model (0)

Anonymous Coward | about 5 months ago | (#45619571)

I heard iOS also has clearable cookies instead of "persistent device identifiers", but I suspect that's at least partly BS. The greed for an evercookie is too strong to resist, and the users are not detail-oriented enough human beings. Hell, I don't even know wtf is going on myself.

Re:Security model (0)

Anonymous Coward | about 5 months ago | (#45619939)

App Ops (hidden unfinished feature in Android 4.x, you can see the parts that work with a free Play Store app that opens it up) lets you selectively deny permissions for each app you have this way too. To make this not crash the application the OS has to fake it so that the app won't know there's a problem.

As of 4.4 you can disable:

Location: Fakes not knowing where you are
Contacts, Clipboard, Calendar: Pretends you have no contacts, nothing in calendar, nothing on clipboard
Vibrate: Pretends to vibrate but doesn't
Notification: The notification isn't displayed to the user, doesn't make a "new notification" sound, doesn't light the LED etc.
Keep Awake: Falls asleep as usual anyway, as if user pressed the button
Send SMS, Make Call: Pretends there is no cell service
Receive SMS; Pretends you never receive an SMS
Record Audio: Pretends there is no microphone? Or maybe just sends silence?
Camera: Pretends there is no camera? Or maybe black rectangles
Modfying Settings: Ignores new settings

If you care about this sort of thing and can handle knowing that if you switch stuff off it might make certain apps not do what you expected, then go get App Ops.

Re:Security model (1)

Anonymous Coward | about 5 months ago | (#45618919)

If someone still says that Android's (or IOS I suppose) security model isn't completely broken...

Why can't the user choose to disable networking on a per-app level?

Because this is Android, from Google. A company designed from the ground up to monetize your private and personal data.

Don't settle for being merely evil.

Re:Security model (1)

Anonymous Coward | about 5 months ago | (#45618983)

The security model is such that the app needed to request permissions from the user to read the location data and to access the network.

If the user installs a freaking flashlight app, and then is prompted, "hey, do you want this app to access the network and read your location data?" and the user responds "sounds good to me!", well, what the hell are you supposed to do about that? Can't save them from themselves, unless you go full-on down the Apple "padded room" approach. (Or was that "walled garden"? Same diff.)

Re:Security model (0)

Anonymous Coward | about 5 months ago | (#45619297)

Sure. I know how it works. But if the user could decide at run-time, the user would actually be able to use the flashlight app AND not send anything to the idiots who wrote that app. Get it? That's why I said the security model of the OS is broken. It enables developers to tricking users into installing apps that steal information from the users. Which is completely shitty. I'm using a firewall which lets me do this anyway, but it doesn't make the security model less shitty.

Permissions? (2, Insightful)

Anonymous Coward | about 5 months ago | (#45618777)

Who gives a flashlight app permissions to access location, internet, flash drive, etc?

Re:Permissions? (1)

Anonymous Coward | about 5 months ago | (#45618799)

Most do. Most people I know, that are running Android, grant access to everything that pops up. They don't read and don't understand it if they do.

Re:Permissions? (1)

the_skywise (189793) | about 5 months ago | (#45618857)

And one of these days, Apple is going to make use of the HumancentiPad clause in the iTunes agreement pop up!

Re:Permissions? (1)

ausekilis (1513635) | about 5 months ago | (#45618853)

Who gives a flashlight app permissions to access location, internet, flash drive, etc?

Only some rooted android phones (or custom ROMs) allow fine-grained access to allow/deny explicit permissions for applications. Every 'droid I've had with T-Mobile and AT&T has not allowed such control by default. Only a select few actually look at the requested permissions before agreeing to install an app, even worse, the android permissions are incredibly vague. "Phone State" means idle/sleep/calling/etc..., but the wording sounds like any app can make calls on your behalf.

Re:Permissions? (1)

Anonymous Coward | about 5 months ago | (#45619313)

Yes, and everything is getting worse. I've stopped updating the google apps (gapps) because they keep trying to expand their permissions too, and I feel that I need to make a stand on principles. And if I cannot get an alternate firmware soon that really allows me to control permissions, I may have to abandon the gapps entirely. There is no reason that google maps should have access to my contacts, SMS history, phone calling, etc.

We have a fundamental problem that the company defining the platform thinks that ads and customer tracking are sacrosanct. We have a worse problem that they are trying to water down the open part of their platform to force everyone to use their own apps and components on top, to further this agenda now that they have had wide adoption.

I want an open-sourced platform and apps that serves my needs, not those of any rent-seeking company. I want my mobile browser to have the same security and privacy options as my desktop: privoxy, noscript, and requestpolicy to allow me to control what my computer does, not some sociopath who thinks he has a right to put ads in my face or track my every moment. Privacy controls should be stronger on a platform we carry around everywhere, not weaker!

Re:Permissions? (1)

minstrelmike (1602771) | about 5 months ago | (#45618965)

Who gives a flashlight app permissions to access location, internet, flash drive, etc?

users who have finally seen the light, that's who.

Some Hammer (5, Insightful)

TubeSteak (669689) | about 5 months ago | (#45618815)

No civil fines.
No criminal penalties.
No admission of guilt.

Re:Some Hammer (1, Informative)

denis-The-menace (471988) | about 5 months ago | (#45619123)

That's because they are a corporation.

A corporation under US law is a "Person" that is superior to humans and thus cannot be faulted for anything.

Re:Some Hammer (0)

Anonymous Coward | about 5 months ago | (#45619499)

almost the same results of blackstone's laundering/insurance fraud. They should face crippling fines...

Re:Some Hammer (1)

tippe (1136385) | about 5 months ago | (#45619843)

Yes, I've seen this type of hammer before. My son has one. It's a big blue inflatable thing that goes "Squeek!" when you hit stuff with it. The FTC must obviously have one much like it. Maybe they got theirs from a country fair as well...

Don't be Naive (5, Insightful)

A10Mechanic (1056868) | about 5 months ago | (#45618827)

This is just the tip of the dirty iceberg here. Thousands of apps do this and far worse for your privacy. Caveat Emptor

Re:Don't be Naive (1)

Anonymous Coward | about 5 months ago | (#45619469)

I actually was looking for a flashlight app a few months ago. I went down the list on the flashlight apps, and I had to get to about the fifth one before I found one that didn't need some really questionable permissions (like reading contacts, GPS data, etc.). IMO this is a widespread issue.

I was actually going to install Pandora the other day, but I read the TOS to try to understand the permissions it required, and I just couldn't agree to it.

It's a pain, but the average user needs to start actually paying attention to app permissions.

Re:Don't be Naive (0)

Anonymous Coward | about 5 months ago | (#45620005)

Because it's brilliant! The app does nothing but print money. Mobile ad frameworks for everybody!

firefox (1)

Anonymous Coward | about 5 months ago | (#45618927)

I switched to a FireFox phone.

Why can't they copy this from iOS? (5, Insightful)

dingleberrie (545813) | about 5 months ago | (#45618929)

I have an iPhone 5 and a Nexus 7.
When I download an app on the Nexus, I always feel an uneasiness as I look at all the access it wants to my contacts and other invasively unnecessary permissions. So each time I must make a decision to accept or reject using the app. I've rejected some that just seem overreaching, but I've become less strict over time... like I'm accepting to lose a battle. I assure myself, that my phone has all my real contacts, not my Nexus 7 and then begrudgingly accept the conditions. This is one reason I will not use an android phone and why I rarely download apps on android.
http://yro.slashdot.org/story/13/12/06/1452241/ftc-drops-the-hammer-on-maker-of-location-sharing-flashlight-app# [slashdot.org]
iOS, for those that don't know, will let me decline permissions to track my location or share my contacts on a per-app basis. Even if I enabled it before, I can go into the control center and disable it. I don't benefit from that aspect of the iOS app, but I'm fine with that. For all the control that Android is supposed to give the user, iOS shines here and I wish that is one thing that Android would copy.

Re:Why can't they copy this from iOS? (1)

Anonymous Coward | about 5 months ago | (#45619047)

But iphones don't have flash, so they cant even run a flashlight app. But seriously, go to your menu drop-down and push the button that says "Torch Off" and it will change to "Torch" and then you wont need this app.

Re:Why can't they copy this from iOS? (2)

wbo (1172247) | about 5 months ago | (#45619109)

Newer iPhones (and i think a few other iOS devices) do have a flash and in fact a flashlight toggle is built into the lock screen on devices running iOS 7 or later.

Re:Why can't they copy this from iOS? (1)

Anonymous Coward | about 5 months ago | (#45619611)

All new iPhones have had flashes for over 3 years. troll harder.

Re:Why can't they copy this from iOS? (0)

SirGarlon (845873) | about 5 months ago | (#45619197)

I think Samsung showed us that copying features from Apple products is bad for business. Fine-grained app privileges seem obvious (and hence unpatentable), but when the courts are upholding and enforcing patents on something as stupid as rounded corners, it's better to be safe than sorry.

Re:Why can't they copy this from iOS? (4, Informative)

Anonymous Coward | about 5 months ago | (#45619293)

Oh you have a Nexus 7? Perfect, you can download App Ops to select permissions on a per-app basis.

Any Android 4.3 or higher device supports it. And root is not required.

Re:Why can't they copy this from iOS? (0)

Anonymous Coward | about 5 months ago | (#45619973)

"I wish that is one thing that Android would copy."

I hear lawyers sharpening their knives from afar...

So No One Thought It Odd (5, Interesting)

Greyfox (87712) | about 5 months ago | (#45618959)

Their flashlight app was requesting network and GPS privs? There's obviously a fundamental problem with the Android security model, and I'm just going to go ahead and point my finger at people. First off, people assume that just because it's on the Play store, it's safe to install. Obviously not the case. Second, people obviously don't review the privs their apps request and say something like "Why the fuck does a flashlight app need access to my GPS and network?" And third, lazy developers have no incentive not to request every priv in the model.

I'd heard Cyanogenmod was experimenting with a means to deny specific privs to an application rather than take the all-or-nothing approach of "You have to give me all this shit or you can't install it." That's a feature I'd really like to have for my Android phone.

Re:So No One Thought It Odd (4, Insightful)

Mr_Silver (213637) | about 5 months ago | (#45619135)

Their flashlight app was requesting network and GPS privs? There's obviously a fundamental problem with the Android security model, and I'm just going to go ahead and point my finger at people. First off, people assume that just because it's on the Play store, it's safe to install. Obviously not the case. Second, people obviously don't review the privs their apps request and say something like "Why the fuck does a flashlight app need access to my GPS and network?" And third, lazy developers have no incentive not to request every priv in the model.

Not to mention that although for a very basic app (like a flashlight one) it is possible to spot a nefarious permission, once you start looking a much more feature-rich app then it gets very difficult for users to work out the validity of the permission requested.

For example, a mobile banking app wants your location. Is this because:

  1. It's sending location data to a server to track you?
  2. It's sending it to third party companies for location based advertising?
  3. It wants that information so it can tell you where the nearest ATM or bank branch is?

Re:So No One Thought It Odd (1)

cdrudge (68377) | about 5 months ago | (#45619193)

Second, people obviously don't review the privs their apps request and say something like "Why the fuck does a flashlight app need access to my GPS and network?"

How is the user to differentiate legitimate vs illegitimate use of GPS and network access?

For instance, a restaurant review application wants GPS info to tell you what restaurants are near by, and needs network access to load data. Perfectly legitimate needs for those permissions and without those permissions being granted, the app is pretty useless. But there's nothing stopping the app from also transmitting your location back to someone for some other purpose.

For another example: I play a variety of free games on my phone and tablet. I acknowledge that they are free in exchange for showing me ads. I'm accepting of the ads as a condition for being able to play for free. I'd like for the ads be relevant and/or localized. So I don't have a problem sharing GPS info across the network if it means that the ads might actually be for something that I might click on once in a while. So again, while you may question why the app needs GPS and network permission, there can be a legitimate reason for it.

Now in the case of a "flashlight app" that took all of 5 minutes to write if they had no mobile development experience, and requires no continuing support, asking "Why the fuck does a flashlight app need that access" is a legitimate question and the only legitimate answer is because the author wants to whore out your information to make money.

Re:So No One Thought It Odd (1)

jonbryce (703250) | about 5 months ago | (#45619779)

The restaurant app needs to phone home with the location data in order to get the list of nearby restaurants. Once it is on their server, what they do with it is outwith your control, but restaurants will probably pay a referral based commission so they will need to have details of where people use their apps for that purpose.

Re:So No One Thought It Odd (1)

Sockatume (732728) | about 5 months ago | (#45619239)

Unfortunately app permissions on Android are currently "all-or-nothing" and, worse, they're requested all at once at installation, so users are conditioned to just click through it and make the app work. (See also: Windows UAC prompts.) It's a design issue, not a user intelligence issue.

Re:So No One Thought It Odd (0)

Anonymous Coward | about 5 months ago | (#45619299)

The reason why it would need network and location is for delivering ads.

This is the fundamental problem with "free" apps - they try to monetize the customer (via ad delivery). This in turn requires that the app have at least network access (to go get the ads). Most apps delivering ads now also want to deliver ads that are relevant to one's location, hence the need for location access.

And now the genie is out of the bottle, because once you grant network access, the app can do *anything* over the network. There is no way to say "only use the network for getting ads". There is no way to say "don't transmit my location to anyone else".

The only solution, from a user perspective, is to have an access control mechanism that provides fake responses on the various APIs when the user denies the app access. Location services would always return "Larry Page's House" as the current location, for example. While this would allow users to protect their privacy from overly aggressive apps, it will never happen because it allows users to protect themselves from overly aggressive apps. Those apps drive ad revenue and information harvesting, both of which are in Google's interest, so Android will never allow users to do this.

Re:So No One Thought It Odd (0)

Anonymous Coward | about 5 months ago | (#45619367)

Actually, there is one more alternative - don't use "free" apps.

It takes work on the part of a developer to create those apps. They need to be paid for that work. So stop being cheap and actually *pay* for the apps. Then the developer won't have to try to secretly monetize you via ad delivery and you turn off all the downstream problems that arise from that.

In fact, many apps have a "free" and a "paid" version of their apps - with the "paid" version removing all the ads-related activity.

But, of course, most people are too cheap to actually pay for services/products because they cannot do the basic math, so this won't really work either.

Re:So No One Thought It Odd (0)

Anonymous Coward | about 5 months ago | (#45619443)

Actually, there is one more alternative - don't use "free" apps.

I got my first Android phone last month, and so far I'm ignoring Google Play. I don't even have a gmail account.
I'm happy with the apps I get from F-Droid [f-droid.org] and Google Code.
All free software, and nothing weird going on.

Re:So No One Thought It Odd (1)

tlhIngan (30335) | about 5 months ago | (#45620023)

Their flashlight app was requesting network and GPS privs? There's obviously a fundamental problem with the Android security model, and I'm just going to go ahead and point my finger at people. First off, people assume that just because it's on the Play store, it's safe to install. Obviously not the case. Second, people obviously don't review the privs their apps request and say something like "Why the fuck does a flashlight app need access to my GPS and network?"

The problem with the Android permissions model is it gives power to the technical, while ignoring the typical.

The thing is, the Dancing Pigs [wikipedia.org] (or rabbits) phenomena is real, and users who get recommended to try an app will want to try it. You can pop up a dozen dialog boxes saying it's bad, but the user will dutifully close them just to run the app.

Relying on the user to secure themselves has proven to be ineffectual, and it's shown itself repeatedly. Even on iOS - you can get a user to do some pretty amazing things if you walk them through the steps and the outcome is something they want. (It's how various worms that relied on jailbreaks spread - users installed OpenSSH, dutifully installed SSH clients, and failed to change the default password).

Hell, you probably can harvest a ton of passwords to Google, Facebook, Twitter and others if you set up a site that offers "free porn!" and lets them use those sites to "log into" your site (where you're capturing the usernames and passwords, of course).

omg omg omg you deserve it all so so so much (-1)

Anonymous Coward | about 5 months ago | (#45618995)

omg omg omg you all deserve it so much omg omg omg lol flashlight app hahahahaha
5.8 out of 6? or whatever? top rated loloolooolololol...

survival of the fittest... these people and their cellfones it just blows my mind lol
you all tolerate so god damned much abuse I cant even understand how these people think
they are even real, thinking individuals with hopes and dreams....

god this is laughable... such a joke. how much lower can my faith in humanity go?
I applaud loudly the app creator... I had no idea one could sell nothing at all and rob
a man after the sale....

I can't believe people. I cant believe how they could trust like this.

I cant... because I don't. Theres no cellfone here son. theres a strong as shit reason
too. and it aint cause I;m retarded and would use a flashlight app that harvests my fucking
personal data and location... lol as if ... no... its because the fundemental design of any
and all mobile fones is that of a surveillance device.

lol.... surveillance device! surveillance device! surveillance device!... say that out loud 3 times
and then think about what you just said. and think about the fact that your fone recorded it.

you deserve everything thats comming to you. you deserve the abuse. the market is not at fault,
the investor is. you are the investor. this is your fault.

stop rewarding failure.

god... slashdot. wtf,.

"Brightest Flashlight Free" (1)

TangoMargarine (1617195) | about 5 months ago | (#45619247)

Just the name of the app already triggers my warning bells. Poor grammar (why is "Free" in the app name, let alone at the end?!) and the "Brightest!" modifier (reminds me of all those countries with "People's" and "Democratic" in the names) make me suspicious. And this was in the Google store? Shame, Google.

The true cost of free (3, Insightful)

sinij (911942) | about 5 months ago | (#45619037)

As someone that used to work with mobile security - this is tiny minority that got caught. If you carry your mobile phone with you, then you have no reasonable expectation of privacy. Treat your smartphone as a combination of public WiFi and a court-assigned GSP tracking ankle bracelet.

Re:The true cost of free (1)

Mr. Spock (25061) | about 5 months ago | (#45619157)

As someone that used to work with mobile security - this is tiny minority that got caught. If you carry your mobile phone with you, then you have no reasonable expectation of privacy. Treat your smartphone as a combination of public WiFi and a court-assigned GSP tracking ankle bracelet.

This. The entire business model of the internet has shifted to one of sharing geolocation, identity, and preference data that many people would consider private if given the opportunity to provide or withhold their informed consent. We do know that our phones are on the internet, right?

Redundant and weird. (1)

rel4x (783238) | about 5 months ago | (#45619073)

Part of my job involves inspecting outbound network connections from android apps. Practically every ad network is sending your coordinates or location anyways. It seems a bit weird the FTC cared that the app was doing the same when it already had ads on it...

Re:Redundant and weird. (1)

Gavagai80 (1275204) | about 5 months ago | (#45619223)

I'm assuming the ad networks only send IP location data (not very accurate, generally only gives the nearest big city and is often off by hundreds of miles) while the app sends GPS data.

What's the problem (0)

Anonymous Coward | about 5 months ago | (#45619161)

Isn't it just metadata?

GPS spoofing via root? (0)

Anonymous Coward | about 5 months ago | (#45619323)

Does anyone have any experience with this? I'd love to have an app where I can spoof the GPS info sent to apps on a per app basis. I.E. tell everything except Maps, Yelp and Cerberus that I'm located in the NSA offices at Fort Meade. Not only would that get me a little more privacy, but also corrupt the data being collected by these shady app companies.

Yeah, and what a hammer it is *sarcasm* (1)

sirwired (27582) | about 5 months ago | (#45619435)

This settlement meant that the company had to do NOTHING other than to go forth and sin no more. They did not have to pay a single solitary dime, consent to long-term monitoring, or do anything really, beyond promising they would not continue to do something they unambiguously should never have been doing in the first place.

Yeah, that'll teach 'em!

Andorid tells you app permissions (1)

JustNiz (692889) | about 5 months ago | (#45619439)

When you install an app, Andorid tells you the permissions the app needs and asks you to confirm.

If your'e dumb enough to not question why a flashlight app would need access to GPS and the internet, and you still install the app anyway, then you deserve all you get.

That'll get the data back! (1)

halcyon1234 (834388) | about 5 months ago | (#45619513)

Great, the FCC told them not to do it. Let's just say that actually gets them to stop harvesting the data (hahahaha)... what about the data that's already been harvested? They've already stolen a valuable resource which they can continue to sell to 3rd parties.

For that matter, what about the data already in the hands of the 3rd parties? They can do whatever they want with it with impunity.

Maybe we need to hold 3rd party marketers liable, too. Pawn shops are on the hook if they buy stolen items. Let's make marketers pay the same way. Did you buy marketing data from a skeevy company, and that company just got fined? You get fined too, for at least the same amount. Or double. Just watch how quickly the industry starts policing itself, overnight.

I was offered money to add spyware to my app (5, Interesting)

efalk (935211) | about 5 months ago | (#45619645)

I have a couple of calculator apps on the Android market. Obviously, a calculator has zero need for any of your personal data, and that's how much I collect -- zero.

I recently received an email from "Appayable.com". They provide me with a spyware module to add to my apps. The spyware module collects users' personal data and uploads it to Appayable.com. I get paid. Profit!

They say they only sell anonymized data, but I still thought it was a pretty reprehensible business model. I suspect it's pretty common practice, though.

The letter:

I noticed that RpnCalc Financial -- HP 12C has seen a growing number of downloads in recent weeks. I wanted to reach out and discuss how my company, Appayable, offers developers the opportunity to monetize their app without placing ads or impacting user experience

We pull the social profile of your users, anonymize the data, and identify the mobile device. Appayable's SDK does not take up screen real estate on your application, maintaining the great user experience, and providing more revenue for you. Plus, we do not rely on impressions - as we do not place ads within your app - thus, you generate revenue based on a single download and install. No need to retain the user - only have them open the application once.
The revenue stream created is ongoing based on our data partnerships, regardless of continued use of the mobile application.

We've worked hard to make it really simple for you to integrate our service into your app, and as a result have over 6,500 applications on our platform in only 6-months! Whe you have a few minutes, I'd love to talk to you or the appropriate person about working with us.

Giggity (0)

Anonymous Coward | about 5 months ago | (#45619663)

I must have read the title wrong.

I thought it allowed you to find other people using the app near you while you were using your flashlight.

You know, because, when the power's out, there's only ONE thing worth doing . . .

Simple LED Widget (3, Informative)

slinches (1540051) | about 5 months ago | (#45619687)

I just recently got a Nexus 5 to replace my aging Nokia N9 and was amazed by the near complete lack of simple tools that don't want access to your data in return. For the N9, there were a ton of useful free open source tools provided by the community over at maemo.org [maemo.org] . That community was great. Every time I thought that there was something that was missing or new capability I wanted, I'd look there and find an app that already exists or a group of people in the process of building it.

The contrast between that experience and the excessive commercialism of Android was startling. After looking around for a while I did find this Simple LED Widget [google.com] that is just what it says and doesn't require any unnecessary permissions, but I had to sift through dozens of apps like the one in the TFA.

Is there anything even close to maemo.org for Android? I've heard some good things about F-Droid [f-droid.org] , but I haven't looked into it enough yet to know if it's the best option.

the missing app (3, Insightful)

Tom (822) | about 5 months ago | (#45619983)

What's obviously missing is a Mock App - something that will satisfy all those requests and provide them with the data they want - fake data.

Sadly, I don't expect Google - whose revenue stream is largely based on advertisement - would make that possible in Android.

But the NSA didn't tell me either (1)

Colin Castro (2881349) | about 5 months ago | (#45620067)

So when will the Government fine itself or the NSA for gathering my location info without telling me. Heck, I didn't even download their app.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...