Brightest Flashlight Free – the Android app that secretly sent user location to advertisers

Graham Cluley
Graham Cluley
@[email protected]

FlashlightTens of millions of Android users have installed the Brightest Flashlight Free app, not realising that the app engaged in dirty tricks to share information about users’ location and devices with advertisers without consent.

The developers of the Android app, Goldenshores Technologies, have settled charges brought against it by the Federal Trade Commission (FTC), after it was discovered that the app failed to disclose how it was transmitting users’ precise location and UDID (Unique Device Identifier) to third-party advertisers.

Furthermore, the Brightest Flashlight Free app was sneakily sending the information to advertisers before users had the chance to reject the program’s small print:

Consumers also were presented with a false choice when they downloaded the app, according to the complaint. Upon first opening the app, they were shown the company’s End User License Agreement, which included information on data collection. At the bottom of the license agreement, consumers could click to “Accept” or “Refuse” the terms of the agreement. Even before a consumer had a chance to accept those terms, though, the application was already collecting and sending information to third parties – including location and the unique device identifier.

Sign up to our free newsletter.
Security news, advice, and tips.

A pretty underhand thing to do, if you ask me. And the FTC agrees:

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “But this flashlight app left them in the dark about how their information was going to be used.”

“Left them in the dark”. Did you see what she did there? Hur hur..

Even if you were happy with the adverts popped up by Brightest Flashlight Free, and didn’t find them obtrusive or care about advertisers learning information about you, you might not have been that happy with what some of the adverts set out to do.

Back in October, I described how researchers had raised concerns about Brightest Flashlight Free’s gathering of location information, and how it had served up fake anti-virus warnings designed to dupe users into believing their Android devices were infected with malware.

Erik M. Geidl, who runs Goldenshore Technologies, is required to delete any personal information collected from consumers through the Brightest Flashlight app.

The question remains, of course, how many *other* free Android apps are doing similarly sneaky tricks, exposing the privacy of their users?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Brightest Flashlight Free – the Android app that secretly sent user location to advertisers”

  1. sam

    So who's going to check that the data has between deleted, and will this scumbag be prosecuted?

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.