This latest case of an Android app gone bad is a reminder that even popular apps aren’t always so innocent. The US Federal Trade Commission (FTC) just disclosed an incident of what is supposedly a popular flashlight app that was discovered to be spying on its users and selling off their personal information to the highest bidder.

Although flashlight apps on Android are a dime a dozen, the FTC claims that the free Brightest Flashlight app by Goldenshores Technologies has been installed on tens of millions of devices. It’s probably common knowledge by now that majority of users simply breeze through the installation steps. Those that do might have failed to notice that the app asks permissions for things one might not associate with a simple flashlight utility. Whatever the developers’ reasons were, it turns out that those permissions were used for less than benign purposes.

According to the FTC, the app collected the user’s personal details which it then sold to advertising companies. Furthermore, even when the app informed users about this, it did so in a way that was either unclear or purposely deceptive. For example, the app actually started collecting and sending the data even before the user has read and approved or declined the terms of agreement, making such measures moot.

The FTC has supposedly reached a settlement with the developers of the app, but the details of that have not been disclosed. There is also no word on what measures will be taken on behalf of those whose privacy was already violated. Curiously, the app is still on Google Play Store and still uses more permissions than necessary.

VIA: The Register