Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

You’re the product being sold
SECURITY SHELF

You’re the product being sold 

Players capture, battle, and train Pokémon, who “appear” throughout the real world via smartphone GPS and camera capabilities. The game quickly became one of the most used smartphone apps, surpassing the previous record held by Candy Crush Saga. An optional companion Bluetooth wearable device, the Pokémon Go Plus, is planned for future release and will alert users when Pokémon are nearby.

While there have been reports of criminals targeting players, and inattentive players walking into stationary objects, Pokémon Go does encourage people to be active outdoors. Some elements of the game, such as “hatching eggs” require the player to walk a certain distance. Phil Peckinpaugh, director of an animal shelter in Indiana, cleverly posted on Facebook, “Trying to hatch an egg or catch rare Pokémon? Come down to the Muncie Animal Shelter to walk one of our dogs while you get your steps in! Just come to the front desk and say you are here for the Pokémon dogs.” The post was widely shared and the shelter reportedly had to buy 20 new leashes to handle the demand.

Outdoor activity and volunteer dog walking aside, the game raises serious privacy concerns. New Pokémon Go users have the option of using a Google account or creating a Pokémon Trainer Club account. Millions of people who downloaded Pokémon Go in the first week granted it access to all data in their Google account. The developer issued an update to the app so that it now only requests access to the user’s name and email address, but this serves as a reminder of how easy it is for smartphone users to give carte blanche access to their private data. Users creating a Pokémon Trainer Club account are required to provide their date of birth, country of residence, valid email address, and accept two incredibly long agreements. Users are also prompted to accept Pokémon-related emails twice during during the signup process.

U.S. Senator Al Franken, a strong privacy advocate, wrote to the developer on July 12 asking for more information. “I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent,” he wrote, “Recent reports, as well as Pokémon Go’s own privacy policy, suggest that Niantic can collect a broad swath of personal information from its players. From a user’s general profile information to their precise location data and device identifiers, Niantic has access to a significant amount of information, unless users – many of whom are children – opt-out of this collection. Pokémon Go’s privacy policy states that all of this information can then be shared with The Pokémon Company and ‘third party service providers’, details for which are not provided, and further indicates that Pokémon Go may share de-identified or aggregated data with other third parties for a non-exhaustive list of purposes. Finally, Pokémon Go’s privacy policy specifically states that any information collected – including a child’s – ‘is considered to be a business asset’ and will thus be disclosed or transferred to a third party in the event that Niantic is party to a merger, acquisition, or other business transaction.”

Senator Franken makes many great points. Some information, including a player’s current location, is obviously required for the game to operate. However, there is no reason why the developer needs identifying information, such as the user’s name and email address, and location information is likely only required for a matter of minutes. The game is free and personal information is collected. Niantic should be more transparent about the Pokémon Go revenue model and their intentions with respect to the personal information they are collecting.

In the past, games were sold, not given away “free” in exchange for personal data. Parents need to become better informed when providing access to their family’s personal information. Consumers are slowly becoming more aware of privacy issues, and are starting to question the collection and use of their personal information. As Andrew Lewis (@andlewis) famously tweeted, “If you are not paying for it, you’re not the customer; you’re the product being sold.”

Listen to our latest podcast to hear more about this issue.

Have a security question you’d like answered in a future column? Email eric.jacksch@iticonline.ca

Related posts