Pokѐmon Go Privacy Problems: The Legalities of Mobile App Data Collection
Pokémon Go is the most popular mobile game in U.S. history. In the 24 hours after its release last week, it surpassed the daily active users numbers of every other mobile game that has ever existed—attracting nearly 21 million active users at once. As a user myself, I can say that when the servers of the game are working properly, it’s a heck of a good time.
The game was created by Niantic and the Pokémon Company and allows users to roam the streets catching Pokémon in an augmented reality version of the real world. So successful is the game that Nintendo’s minority share in the game has boosted their market value by $11 billion in the week or so since it hit the market.
The game is free to play but features a number of available microtransactions—digital offerings within the app itself—to bring in money. However, like many mobile games, this is not the only source of revenue. The app also collects personal information from its users, which it then strips of identifying information and sells to would-be advertisers.
Since the initial accusations a few days ago, it has been established that Niantic did indeed get full access to your Google Account, however it was not quite the insidious plot that was initially insinuated.
Niantic issued a statement that the overreach in permission was a mistake and the access had never been taken advantage of—an assertion that Google has verified. What’s more, while the permissions did give Niantic potential access to a substantial amount of biographical information such as your email address and phone number, they did not have access to any emails, Google Drive, or Google Wallet. Niantic patched the access out of the app days after the concerns were raised.
However, don’t let these developments completely send your privacy concerns over Pokѐmon Go blasting off again. If you have not yet updated the app, do so in order to patch out the access to your Google account. What’s more, it is important to stay informed about exactly how much information you agree to share by making an account or clicking “yes” to those Terms & Conditions. Pokѐmon Go is still collecting a staggering amount of information on you for later sale.
This probably seems like an incredible amount of information for strangers to know about you—and it is. Unfortunately, the only way to avoid this data collection (as with many apps) is stop using Pokѐmon Go. What’s more, the practice is both common and perfectly legal when done carefully.
Mobile App Overreach: An Ongoing Problem
For example, Runkeeper is a jogging app that has recently been in hot water for tracking your location—when the app is not active. This information is then sent to advertisers. In 2012, a social media app called Path got in trouble for taking its users’ entire address book without their knowledge. They settled an FTC charge, paying $800,000.
Apps that seek overreaching permissions, a perfectly legal practice, unless state law says differently, when properly disclosed, are also common. In 2015, it came to light that quite a few third-party flashlight apps were asking for a lot more permissions on your smartphone than they needed.
Many of the apps has the ability to read phone status and identity, view Wi-Fi connections, modify system settings, obtain full network access, and determine your precise location via your phone’s GPS, among other permissions. This was quite an ask for an app that is primarily for finding your keys when they fall under your car seat.
It’s not surprising that people were sensitive to potential privacy issues with Pokѐmon Go given the history mobile apps have with overreaching permissions and privacy law violations. A huge portion of apps include data gathering of some kind as part of how they make their money—especially free to use apps.