Players capture, battle, and train Pokémon, who “appear” throughout the real world via smartphone GPS and camera capabilities. The game quickly became one of the most used smartphone apps, surpassing the previous record held by Candy Crush Saga. An optional companion Bluetooth wearable device, the Pokémon Go Plus, is planned for future release and will alert users when Pokémon are nearby.
While there have been reports of criminals targeting players, and inattentive players walking into stationary objects, Pokémon Go does encourage people to be active outdoors. Some elements of the game, such as “hatching eggs” require the player to walk a certain distance. Phil Peckinpaugh, director of an animal shelter in Indiana, cleverly posted on Facebook, “Trying to hatch an egg or catch rare Pokémon? Come down to the Muncie Animal Shelter to walk one of our dogs while you get your steps in! Just come to the front desk and say you are here for the Pokémon dogs.” The post was widely shared and the shelter reportedly had to buy 20 new leashes to handle the demand.
Outdoor activity and volunteer dog walking aside, the game raises serious privacy concerns. New Pokémon Go users have the option of using a Google account or creating a Pokémon Trainer Club account. Millions of people who downloaded Pokémon Go in the first week granted it access to all data in their Google account. The developer issued an update to the app so that it now only requests access to the user’s name and email address, but this serves as a reminder of how easy it is for smartphone users to give carte blanche access to their private data. Users creating a Pokémon Trainer Club account are required to provide their date of birth, country of residence, valid email address, and accept two incredibly long agreements. Users are also prompted to accept Pokémon-related emails twice during during the signup process.
Senator Franken makes many great points. Some information, including a player’s current location, is obviously required for the game to operate. However, there is no reason why the developer needs identifying information, such as the user’s name and email address, and location information is likely only required for a matter of minutes. The game is free and personal information is collected. Niantic should be more transparent about the Pokémon Go revenue model and their intentions with respect to the personal information they are collecting.
In the past, games were sold, not given away “free” in exchange for personal data. Parents need to become better informed when providing access to their family’s personal information. Consumers are slowly becoming more aware of privacy issues, and are starting to question the collection and use of their personal information. As Andrew Lewis (@andlewis) famously tweeted, “If you are not paying for it, you’re not the customer; you’re the product being sold.”
Listen to our latest podcast to hear more about this issue.
Have a security question you’d like answered in a future column? Email firstname.lastname@example.org
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…