Unless you’ve been living under a rock, you’ve likely heard of Pokémon GO or skipped work today to keep playing it. If you’re like me, you probably saw it flash through one of your social media feeds like so many other topics you may not have time for. Or perhaps you have kids that are suddenly obsessed with the internet’s latest fad.
So what exactly is Pokémon GO? Well, in a nutshell, it’s a location-based video game layered on top of the physical world. “Now’s the chance to discover and capture the Pokémon GO all around you – so get your shoes on, step outside, and explore the world,” the app description states. “Pokémon are out there, and you need to find them. As you walk around a neighborhood, your smartphone will vibrate when there’s a Pokémon nearby.” There are “water-type” Pokémon by lakes and oceans, and “Pokéstops” near museums an other historical markers.
The game isn’t even a week old yet – it came out last Wednesday – but it’s caught on in a big way. I mean look at New York City’s Central Park today:
Pokemon GO is just insane right now. This is in Central Park. It's basically been HQ for Pokemon GO. pic.twitter.com/3v2VfEHzNA
— Jonathan Perez (@IGIhosT) July 11, 2016
According to TechCrunch, the app has already been installed on more than five percent of Android phones in the U.S. – and that number was captured last Friday. It already has more installs than Tinder, and is approaching as many daily active users as Twitter. Amazingly, players, on average, are using the app for 43 minutes per day.
And talk about a boost to a company’s bottom line. According to The Verge, the game has already added $7.5 billion to Nintendo’s market value. This is the highest one-day surge for the company since 1983. Though the game is not totally overseen by Nintendo – augmented reality game maker Niantic created the app in collaboration with the Pokémon Company. The latter receives nearly 30 percent of the revenue, which is derived from in-game micro-transactions.
Nintendo having their best day since 1983 as #PokemonGo takes over the world#MoverOverMario pic.twitter.com/9XnHeumMSx
— David Ingles (@DavidInglesTV) July 11, 2016
Since we’re talking about a location-based game – one that features augmented reality – privacy must be a concern somewhere, right?
Well, in a sense, maybe. It’s fair to say, at the very least, it can be creepy, at times. Check out this BuzzFeed story, for example. Boon Sheridan recently bought an old church as his family’s new house. According to some of his tweets, they like to live in usual houses. It turns out, however, that Pokémon GO tends to use churches as “Gyms.” This is an area where players can compete against one another.
Sheridan began noticing people outside of his house – usually teens or young kids.
11:20 and people are still driving up and idling for 5-10 minutes while they train.
— Boon Sheridan (@boonerang) July 10, 2016
He continues:
It opens up new avenues of rights and privacy. Clearly someone used an ancient (40+ year old ) database to still consider this a church.
— Boon Sheridan (@boonerang) July 10, 2016
Do I even have rights when it comes to a virtual location imposed on me? Businesses have expectations, but this is my home.
— Boon Sheridan (@boonerang) July 10, 2016
And added some suggestions:
Will Niantic eventually offer controls to the locations with a Gym or PokéStop? Could ‘Do Not Disturb’ hours be set? That could be useful.
— Boon Sheridan (@boonerang) July 10, 2016
He’s clearly got a good attitude about it:
For the record, I've counted 15 people stopping by and lingering in their phones so far. I think at least three car visits as well.
— Boon Sheridan (@boonerang) July 9, 2016
But some people might find this pretty creepy:
These cats figured it out, the bench in the park across the street is close enough to be ‘in’ the gym. pic.twitter.com/HAlVp84cd6
— Boon Sheridan (@boonerang) July 9, 2016
To its credit, the Pokémon GO Privacy Policy is very readable and has clearly put in some solid privacy practices. Most notably, to verify parental consent, a user must confirm the last four digits of her Social Security number and address for children under 13. Parents can also request what PII the company has on their child. The game uses cookies and web beacons, but does not share PII with third parties. And, interestingly, it has a 30-day provision whereby users can opt out of having their data sold in the event the company merges or is bought out by another company.
Since Pokémon GO is a location-based game, the company uses cell/mobile phone triangulation, wifi triangulations, and/or GPS to locate users. It’s literally part of the game.
What’s noticeably absent, however, is any mention of what the company does with information collected by the device camera. In fact, you’re asked to consent to its use.
As a user, I'd like to know what they're collecting through my camera. I’ve reached out to Niantic Labs about this and will update when I receive a response.
With any new, ground-breaking technology, there are some potentially dangerous side effects. The U.S. Department of Highway Safety, for example, had to issue a warning to users when driving a vehicle to not use the game.
Criminals have used the game to lure players into certain areas so they can rob them. And, of course, anytime children are playing a location-based game in the real world, you have to be concerned about kidnapping.
On the other hand, George Mason’s Adam Theirer, who writes extensively about the overreaction to new technology – what he calls “technopanic” – has said he’s already collecting media stories that are panicking about Pokemon Go.
although #PokemonGO is barely a week old, I've already had to started a database collecting all the techno-panicky news reports about it.
— Adam Thierer (@AdamThierer) July 11, 2016
Any time there's buzz around a new technology or service, overreaction seems natural.
Could the app developers have known that Boon Sheridan’s house would become an unexpected hot spot for players? Maybe not. He certainly seems to have some useful suggestions though, particularly the ability to put "do-not-disturb" controls for certain locations, like, you know, his house.
There will always be unintended side effects to new technology and services. We saw similar situations when live-streaming services like Meerkat and Periscope took the world by storm. Over time, they’ve addressed problems and concerns as they've come up.
At the very least, the Pokémon GO phenomenon serves as a good use case for location-based, augmented reality games. Clearly there's money to be made here, and companies will likely rush to market before thinking about all of the privacy implications. Companies need to address any privacy concerns that come up beforehand, and though there are often unexpected issues, it's important to address them as soon as they become apparent. Other developers should learn from any mistakes that are made here. With virtual reality on the horizon, Pokémon GO looks to be just the tip of the iceberg.
UPDATE: July 11, 2:55 pm: Since posting this, Adam Reeve pointed out a vulnerability for those signing into Pokémon GO with Google on iOS. Somehow, the permission screen for granting full access to your Google account is being skipped over. So, if you did create a Pokémon GO account with Google on an iPhone, the app has full access to your email, calendar, contacts, and so on. It's an easy fix as a user, though. Sign into to Google, go to Account Settings -> Connected Apps & Sites -> and click remove Pokémon GO. Definitely a goof on either Google's or Niantic Labs' part. Hopefully they fix this soon.
Top image courtesy of Jonathan Perez.