The maker of one of the most popular Android apps has agreed to settle with the Federal Trade Commission concerning allegations that the app makers secretly gathered and sold users' location data—even after the users expressly requested to not have their whereabouts tracked. 

Goldenshores Technologies, LLC, the company behind the Brightest Flashlight Free app, will have to be more direct with consumers in the future about how information is gathered and for what purposes. The company will also be required to delete any personal information already collected through its app which has been downloaded tens of millions of times by Android users.

In a statement put out by the FTC, the commission accused Goldenshores of deceiving users with its privacy policy, failing to disclose that the app would transmit user locations to third parties - primarily for use by advertisers. The FTC also alleges that company presented users with the option to not share their information, but that the company would do so anyway regardless of the answer. Essentially, the preference was meaningless.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection, in a written statement. “But this flashlight app left them in the dark about how their information was going to be used.”

When they first downloaded the app, users were presented with an End User License Agreement and the option to either accept or refuse the terms and conditions. But the commission says the application would already start collecting and transmitting data to third parties before the user could agree or not. 

Much of the data gathered was being sent to advertising networks that increasingly rely on behavioral data to target advertisements. Location data is a particularly useful bit of information for advertisers, who can target users based on their regular commuting habits. As the Washington Post points out, retailers often rely on data from multiple apps to create composite profiles on individual customers.

With location data and device IDs, an advertising company can stitch together information about a user across several apps, experts say. That would enable a marketer to follow a user who buys movie tickets for an Arlington theater on Fandango, makes an Open Table restaurant reservation at McPherson Square and likes the Facebook pages of Nutella and L.L. Bean. 

It's a common practice, but privacy advocates like those at the American Civil Liberties Union are wary about how upfront tech companies are with users. Even as far back as 2011, the ACLU was sounding the alarm about Apple keeping vast records of its users location data.

"Think about how potentially revealing a year's worth of location records can be for many people," ACLU Senior Policy Analyst Jay Stanley wrote. "It could reveal not only where you live, work and play, but your religion, your political activities, medical problems, your friends and lovers, how often you drive to the liquor store, or bars, or sexually oriented establishments of various kinds, what other cities and towns you visit and where you go there, and how you get there. None of this anybody's business."

Photo by OSWANWOLF/Flickr