When Android phones first arrived, there wasn’t a built-in flashlight feature. So, flashlight apps were extremely popular—and profitable. One particular flashlight app got caught doing something not so bright, and the US government had to get involved.
This is the story of an app called “Brightest Flashlight Free.” At a time when Android users relied on third-party flashlight apps, this one became extremely popular. I mean, it had “Free” right in the name. That’s hard to beat, right? However, for those who used it, they ended up paying in different ways.
Why flashlight apps were a thing
It was a weird time in smartphones
Early smartphones relied on third-party apps for many features that are now included in the operating system. The first Android phone launched in 2008, but it wasn’t until 2014 that a flashlight toggle was added. It was during this long six-year period that flashlight apps feasted.
To be fair, there’s a perfectly valid reason why flashlight functionality wasn’t a priority for Android. That first Android phone I mentioned, the T-Mobile G1, didn’t have an LED flash for the camera. For several years, it was typically a “flagship” feature, but by 2014, it had become mostly standard. Hence the inclusion of a flashlight toggle in Android 5.0 Lollipop—a monumental update for many reasons.
Back to the flashlight apps—just how popular were they? In late 2013, Brightest Flashlight Free had been downloaded more than 50 million times and had a rating of 4.8/5. This was just one of several very popular flashlight apps, but Brightest Flashlight Free would find itself with some unwanted attention.
Shining a light on a shady app
People ignored the red flags
Brightest Flashlight Free was developed by GoldenShores Technologies, and it has been available on Android since February 2011. Like many flashlight apps at the time, it offered the ability to use the screen or LED flash as a flashlight. The interface was simple and clean, save for a minimal ad at the top.
Naturally, people gravitated toward free, simple apps—especially for something as utilitarian as a flashlight. In only a little over a year, the app already had over 10 million downloads. However, the app’s permissions—and intentions—were not as clean as its interface.
In January 2013, researchers discovered that some of the most popular Android apps were secretly gathering quite a bit of user data. Brightest Flashlight was on this list for accessing device ID and location. A month later, a member of the Android Central forums created a thread titled, “Brightest Flashlight free app has disturbing permissions.”
Now, if you’ve been an Android user for a while, it’s no mystery that app permissions were a disaster for a long time. It was incredibly easy for apps to abuse permissions without users having any idea. It wasn’t until Android 6.0 Marshmallow in 2015 that apps had to ask for permission when they needed a particular feature.
Here are the permissions that Brightest Flashlight Free had access to in 2013:
- Hardware control: Take photos and videos
- Your location: Approximate location (network-based) and precise location (GPS and network based)
- Network communication: Full network access
- Phone calls: Read phone status and identity
- Salvage: Modify or delete the contents of your usb storage modify or delete the contents of your SD card
- System tools: Prevent tablet from sleeping prevent phone from sleeping
Reminder: this was a flashlight app. The only permissions here that were actually necessary were “Hardware control” for the LED flash and “System tools” to keep the screen on. Also, keep in mind that these are only the permissions the app disclosed. It turns out there was even more happening behind the scenes.
The government gets involved
And makes puns!
Some eagle-eyed users were skeptical about Brightest Flashlight Free, but that didn’t stop it from being at the top of the Play Store charts. It all came crashing down on December 5, 2013, when the US Federal Trade Commission (FTC) dropped a bombshell.
The FTC had filed a complaint against Goldenshore Technologies, alleging that it’s privacy policy “deceptively failed to disclose that the app transmitted users’ precise location and unique device identifier to third parties, including advertising networks.” Even worse, the app presented users with an option to not share their information, but it didn’t do anything.
Jessica Rich, the director of the FTC’s Bureau of Consumer Protection, said:
“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it, but this flashlight app left them in the dark about how their information was going to be used.”
Goldenshore Technologies settled charges and agreed to delete all the information it had collected. The app was not removed from the Play Store, but it was required to full disclose how it used user data. None of this discouraged the developer from ending their practice of selling user data, though—it was just more transparent about it.
You don’t need a flashlight app
Surprisingly, the app is currently still available on the Play Store (last updated in 2024), though it’s now simply called “Brightest Flashlight.” A quick look at the “Data Safety” panel shows much of the same. App info and performance, device and other IDs, app activity, and location “may be collected” and “shared with other companies or organizations.”
Thankfully, there is exactly zero reason to download this app or any other flashlight app. The feature has been built in for many years, and recently just got even better. It’s not always good when an OS steals from third-party apps, but this is one example of it being a win for everyone.
Stephan is the sports journalist for the Maple Grove Report.
