I've actually seen a demo of that, where a web page (or malicious script) transmits data in the form of flashes of light by making a large area of the screen white or dark, then another app reads it using the light sensor.

This only works under very specific environmental conditions and allows the app to read data from another app or website that's cooperating with it. It's not an easy attack to pull off for any practical purpose.