Federal Trade Commission stated GoldenShores Technologies took ID and location data from the millions using its Brightest Flashlight app.
The developer shared the data with ad networks but did not tell users about this practice.
To settle the charges, GoldenShores has agreed to give users more control over what happens to their data.
The FTC criticised GoldenShores for its poor privacy policy, which did not let people know that the app was logging their precise location and a unique identifier for their phone and was then sharing that information with advertisers.
The free app offered people an opt-out clause, the FTC said this was “meaningless” because data from all users of the Brightest Flashlight app was shared whether they agreed or not.
“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, director of the FTC bureau of consumer protection, in a statement.
“But this Flashlight app left them in the dark about how their information was going to be used,” she added.
A settlement deal signed by GoldenShores tightens up its privacy policy and demands that the company change how it handles data. In particular, it must no longer misrepresent how it gathers data and whom it is shared with, and must give consumers meaningful control over what is done with the information.
In addition, it must delete all the data it previously gathered from those who downloaded the Flashlight app.