Shedding light on what your app is up to: 3 lessons for developers
Goldenshores Technologies’ “Brightest Flashlight Free” is an incredibly popular Android app downloaded by tens of millions of consumers. But did those people know that when they used the app, it would transmit their precise location and unique device identifier to third parties, including ad networks? According to a lawsuit filed by the FTC, Goldenshores didn’t give people the straight story about how their information would be used and then compounded the problem by making them think they could exercise a choice about it – a “choice” that proved ineffective.
That may be what the company said, but the fact of the matter is that the app allowed the transmission to third parties, including ad networks, of the user’s precise geolocation – yes, exactly where they were located – as well as unique device identifiers.
But that’s just where the problems started. After installing the app, users got the Brightest Flashlight end user license agreement (EULA) that again failed to disclose just how much the app shared and with whom. At the bottom of EULA were the familiar ACCEPT or REFUSE buttons. And here’s where things really got interesting – because even before users had a chance to click one button or the other, the app was already collecting and sharing location and identifier information to its heart’s content.
The lawsuit charges that by failing to adequately disclose those material facts to consumers, Goldenshores and Erik M. Geidl violated the FTC Act. To settle the case, the company has agreed to provide a just-in-time disclosure that gives people the whole story about when, how, and why their geolocation information will be collected, used, and shared. Furthermore, Goldenshores will have to get users’ affirmative express consent before doing that. The company also has to delete any personal information collected from the millions of people who downloaded the Brightest Flashlight app.
The terms of the proposed settlement apply just to Goldenshores, but what can app developers take from the case?
Geolocation, geolocation, geolocation. The real estate people have it right: People really care about location, and the unauthorized disclosure and sharing of their location makes them understandably edgy. If your app collects and shares sensitive information, it’s smart to explain what’s going on up front, using language consumers will understand. What's more, get people’s express approval before going forward.
Button, button. Who’s got the button? Savvy app developers understand the importance of giving users a choice about how their information is used. But it’s all for naught if the choice is illusory. By featuring ACCEPT or REFUSE or similar buttons, you’re conveying to consumers they have a choice – and that you’ll abide by it. That's a promise you have to live up to.
The best things in life are free. Many app developers adopt a business model that allows for the distribution of their apps for free. That can be great for consumers, of course, but it doesn’t change app developers' legal obligation to abide by well-established truth-in-advertising and privacy principles.
You can file an online comment about the proposed settlement by January 6, 2014. To help keep your app on the right side of the law, here are two FTC titles to add to your reading list: Marketing Your Mobile App: Get It Right from the Start and Mobile App Developers: Start with Security.