TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | Pokémon GO, augmented reality, and privacy Related reading: On the pitfalls of reputation economics

rss_feed
APF17_WebBanner_300x250-COPY
PrivacyTraining_ad300x250.Promo1-01
Webcon_PA_300x250_ad_April-17_FINAL

Unless you’ve been living under a rock, you’ve likely heard of Pokémon GO or skipped work today to keep playing it. If you’re like me, you probably saw it flash through one of your social media feeds like so many other topics you may not have time for. Or perhaps you have kids that are suddenly obsessed with the internet’s latest fad. 

So what exactly is Pokémon GO? Well, in a nutshell, it’s a location-based video game layered on top of the physical world. “Now’s the chance to discover and capture the Pokémon GO all around you – so get your shoes on, step outside, and explore the world,” the app description states. “Pokémon are out there, and you need to find them. As you walk around a neighborhood, your smartphone will vibrate when there’s a Pokémon nearby.” There are “water-type” Pokémon by lakes and oceans, and “Pokéstops” near museums an other historical markers.

The game isn’t even a week old yet – it came out last Wednesday – but it’s caught on in a big way. I mean look at New York City’s Central Park today:

According to TechCrunch, the app has already been installed on more than five percent of Android phones in the U.S. – and that number was captured last Friday. It already has more installs than Tinder, and is approaching as many daily active users as Twitter. Amazingly, players, on average, are using the app for 43 minutes per day. 

And talk about a boost to a company’s bottom line. According to The Verge, the game has already added $7.5 billion to Nintendo’s market value. This is the highest one-day surge for the company since 1983. Though the game is not totally overseen by Nintendo – augmented reality game maker Niantic created the app in collaboration with the Pokémon Company. The latter receives nearly 30 percent of the revenue, which is derived from in-game micro-transactions.

Since we’re talking about a location-based game – one that features augmented reality – privacy must be a concern somewhere, right? 

Well, in a sense, maybe. It’s fair to say, at the very least, it can be creepy, at times. Check out this BuzzFeed story, for example. Boon Sheridan recently bought an old church as his family’s new house. According to some of his tweets, they like to live in usual houses. It turns out, however, that Pokémon GO tends to use churches as “Gyms.” This is an area where players can compete against one another.

Sheridan began noticing people outside of his house – usually teens or young kids.

He continues:

And added some suggestions:

He’s clearly got a good attitude about it:

But some people might find this pretty creepy: 

To its credit, the Pokémon GO Privacy Policy is very readable and has clearly put in some solid privacy practices. Most notably, to verify parental consent, a user must confirm the last four digits of her Social Security number and address for children under 13. Parents can also request what PII the company has on their child. The game uses cookies and web beacons, but does not share PII with third parties. And, interestingly, it has a 30-day provision whereby users can opt out of having their data sold in the event the company merges or is bought out by another company. 

Since Pokémon GO is a location-based game, the company uses cell/mobile phone triangulation, wifi triangulations, and/or GPS to locate users. It’s literally part of the game.

What’s noticeably absent, however, is any mention of what the company does with information collected by the device camera. In fact, you’re asked to consent to its use. 

Screen shot in app

Screen shot from Pokémon GO

As a user, I'd like to know what they're collecting through my camera. I’ve reached out to Niantic Labs about this and will update when I receive a response. 

With any new, ground-breaking technology, there are some potentially dangerous side effects. The U.S. Department of Highway Safety, for example, had to issue a warning to users when driving a vehicle to not use the game.

Criminals have used the game to lure players into certain areas so they can rob them. And, of course, anytime children are playing a location-based game in the real world, you have to be concerned about kidnapping. 

On the other hand, George Mason’s Adam Theirer, who writes extensively about the overreaction to new technology – what he calls “technopanic” – has said he’s already collecting media stories that are panicking about Pokemon Go.

Any time there's buzz around a new technology or service, overreaction seems natural.

Could the app developers have known that Boon Sheridan’s house would become an unexpected hot spot for players? Maybe not. He certainly seems to have some useful suggestions though, particularly the ability to put "do-not-disturb" controls for certain locations, like, you know, his house.

There will always be unintended side effects to new technology and services. We saw similar situations when live-streaming services like Meerkat and Periscope took the world by storm. Over time, they’ve addressed problems and concerns as they've come up.

At the very least, the Pokémon GO phenomenon serves as a good use case for location-based, augmented reality games. Clearly there's money to be made here, and companies will likely rush to market before thinking about all of the privacy implications. Companies need to address any privacy concerns that come up beforehand, and though there are often unexpected issues, it's important to address them as soon as they become apparent. Other developers should learn from any mistakes that are made here. With virtual reality on the horizon, Pokémon GO looks to be just the tip of the iceberg.

UPDATE: July 11, 2:55 pm: Since posting this, Adam Reeve pointed out a vulnerability for those signing into Pokémon GO with Google on iOS. Somehow, the permission screen for granting full access to your Google account is being skipped over. So, if you did create a Pokémon GO account with Google on an iPhone, the app has full access to your email, calendar, contacts, and so on. It's an easy fix as a user, though. Sign into to Google, go to Account Settings -> Connected Apps & Sites -> and click remove Pokémon GO. Definitely a goof on either Google's or Niantic Labs' part. Hopefully they fix this soon. 

Screen Shot 2016-07-11 at 2.41.42 PM

Top image courtesy of Jonathan Perez

4 Comments

If you want to comment on this post, you need to login.

  • comment Shaq Katikala • Jul 11, 2016
    The game switches to an AR mode once you find a Pokemon and it overlays the Pokemon over what your camera sees. Mystery solved on why the OS asks permission to use your camera?
  • comment Jedidiah Bracy • Jul 11, 2016
    Hi Shaq, thanks for the comment. I'm just curious if they do anything with the camera data. I'm sure it's for the reason you mention - purely for game functionality - but we're just guessing. I think it's interesting the privacy policy doesn't make any mention of the camera function and what is collected, if anything.
  • comment Simone Dirven • Jul 13, 2016
    Interesting post, thank you. The Dutch Data Protection Authority said this week that they won't investigate the app on compliance with Dutch privacy law, because apparently Niantic claimed that the risks mentioned by Adam Reeve are a 'mistake that will be fixed as soon as possible'.
  • comment Jedidiah Bracy • Jul 28, 2016
    Thanks for commenting, Simone. Looks like the Hong Kong's privacy commissioner has concerns - this will be included in today's Asia-Pacific Dashboard Digest: https://iapp.org/news/a/pcpd-warns-pokemon-go-players-to-protect-personal-data/