Section 1. Introduction
Pokémon Go, an augmented reality smartphone game which has recently become a sensation, is created and operated by the software development giant Niantic, Inc. The term “augmented reality” can be defined in simple words as a live view which is supplemented by computer-generated input. Within the first week of its release, Pokémon Go was downloaded about 7.5 million times in the United States alone and received an immense attention from media and millions of game users.
To analyze the privacy concerns about Pokémon Go, it is important to comprehend how the game actually works. Pokémon Go is based on six major elements, namely, (1) a map, (2) Pokémons, (3) habitats, (4) Poké Balls, (5) Poké Stops, and (6) medals. The map used in the application is based on an actual real-world map of existing streets. The player of the game is always in the center of it. Pokémons are virtual creatures that have to be collected by the gamers. Pokémons mostly live in certain designated areas, the so-called Habitats. Pokémons can be caught and stored by using virtual Poké Balls. Such Poké Balls are collected in special Poké Stops. Players who succeed to catch a certain number of Pokémons or complete other tasks are granted medals. To locate the player on the application map in real time, Pokémon Go needs to collect continuously geolocation information about him/her. Moreover, the creation of a user account requires providing other identification data (e.g., email address and date of birth).
Section 2. Information collected by Niantic
will remain unaware of the types of personal information which Niantic collects from him/her.
Section 3. Use of information collected by Niantic
does not contain an exhaustive list of purposes for which the collected personal data will be used. It simply mentions certain exemplary purposes. Furthermore, the users of the game are assured that: “Whatever the purpose may be, we will only collect information to the extent reasonably necessary to fulfill your requests and our legitimate business objectives.” Article 29 Party recommended Google to provide an exhaustive list of all purposes for which the company processes personal information. Due to the lack of such an exhaustive list, Niantic may soon become subject to similar recommendations.
Section 4. Information that Niantic shares with third parties
Section 5. Security of the collected personal information
Ethical Hacking Training – Resources (InfoSec)
Section 6. Recommendations on how to protect your privacy while using Pokémon Go and similar applications
Below, we provide four recommendations on how to enhance your privacy while playing Pokémon Go or other games using geolocation data.
(1) Make sure that you are downloading Pokémon Go from trusted sources. There are many malicious apps masquerading as Pokémon Go. For example, a group of security researchers found on Google Play Store a malicious app named “Pokémon Go Ultimate.” The app locks the screen of the device on which it is installed. The victim has no other choice except for restarting the device by removing the battery. Once rebooted, the malicious app passively collects ads revenue.
(2) Install the latest version of Pokémon Go. The original version of Pokémon Go requested full access permission to players’ Google accounts. After receiving substantial critique from privacy researchers and politicians, Niantic restricted the scope of the requested personal information. In this regard, company’s representative wrote:
“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your user ID and e-mail address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google account information, in line with the data we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic.”
(3) Scan for viruses any pieces of software designed to update your Pokémon Go.
(4) Do not provide your personal data in exchange for promises to receive Poké Coins. The only legitimate way to receive Poké Coins is by buying them within the app.
This article discussed privacy concerns related to Pokémon Go, one of the most popular current mobile games, and practical steps to avoid privacy issues while using the app. Players of Pokémon Go, who are willing to decrease the risks of privacy invasions should rely not only on the steps above but also participate in information security awareness programs. Such programs are critical for enhancing the privacy and security of players enjoying Pokémon Go and similar apps.
Information security programs can be divided into two categories, namely, informational (e.g., newsletters, websites, and booklets) and educational (e.g., presentations, lectures, and workshops). For example, informational programs can be published on the website of Pokémon Go as well as on the websites of governmental authorities all over the world. Educational programs can be provided in schools and other institutions that are attended by a large number of players.
- Abad-Santos, A. ‘Pokémon Go: 9 questions about the game you were too embarrassed to ask’, Vox, 16 July 2016. Available at http://www.vox.com/2016/7/12/12158372/pokemon-go-ios-android-game-questions .
- Article 29 Working Party recommendations, ‘Appendix: List of possible compliance measures’, Ref. Ares (2014) 3113072 – 23/09/2014. Available at http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/files/2014/20140923_letter_on_google_privacy_policy_appendix.pdf .
- Hawley, S., ‘Jakarta police banned from Pokemon Go over national security concerns’, ABC, 21 July 2016. Available at http://www.abc.net.au/am/content/2016/s4504461.htm .
- Hudson, L., ‘How to Protect Privacy While Using Pokémon Go and Other Apps’, The New York Times, 12 July 2016. Available at http://www.nytimes.com/2016/07/14/technology/personaltech/how-to-protect-privacy-while-using-pokemon-go-and-other-apps.html?_r=0 .
- Katsikas, S.K., Lopez, J., Pernul, G., ‘Trust, privacy and security in digital business’, Computer Systems Science and Engineering, 20.6 (2005): 391.
- Khan, S., ‘Pokemon Go: What are privacy risks and how to protect your Android and iOS smartphones from malware?’, International Business Times, 15 July 2016. Available at http://www.ibtimes.co.in/pokemon-go-what-are-privacy-risks-how-protect-your-android-ios-smartphones-scams-686783 .
- Kovacs, N., ‘Fight Off Malicious Pokemon GO! Apps with The Help Of Norton Mobile Security’, Norton Community, 18 July 2016. Available at https://community.norton.com/en/blogs/security-covered-norton/fight-malicious-pokemon-go-apps-help-norton-mobile-security .
- Kovacs, N., ‘Pokémon Go Cyber Security and Privacy Guidelines’, Norton Community, 12 July 2016. Available at https://community.norton.com/en/blogs/norton-protection-blog/pok%C3%A9mon-go-cyber-security-and-privacy-guidelines .
- Moidel, S., ‘Speed Reading for Business’, Barron’s Educational Series, 1998.
- Olivarez-Giles, N., ‘Pokémon Go’ Creator Closes Privacy Hole But Still Collects User Data’, The Wall Street Journal, 13 July 2016. Available at http://www.wsj.com/articles/pokemon-go-creator-closes-privacy-hole-but-still-collects-user-data-1468363704 .
- ‘Pokémon GO official website.’ Available at http://www.pokemongo.com/en-us/ .
- Price, R., ‘Pokémon Go’ is fixing a bug that gave it ‘full access’ to your Google account’, Business
insider, 12 July 2016. Available at http://www.businessinsider.com/pokemon-go-fix-bug-full-account-access-google-gmail-history-2016-7?r=UK&IR=T .
- ‘Sen. Franken Presses Makers of “Pokemon GO” Smartphone App Over Privacy Concerns, Al Franken U.S. Senator of Minnesota, 12 July 2016. Available at https://www.franken.senate.gov/?p=press_release&id=3512
- Turton, W., ‘Pokémon Go Was Never Able To Read Your Email’, Gizmodo, 11 July 2016. Available at http://gizmodo.com/can-pokemon-go-really-read-all-your-emails-1783479136 .
- Wig, W., ‘Pokémon Go Game Guide (English Version): How to Find and Catch a Pokémon’, Gamas
Publishing, 19 Jul 2016.
- Winkler, I., ‘Pokemon Go: What security awareness programs should be doing now’, CSO Online, 14 July 2016. Available at http://www.csoonline.com/article/3095878/security-awareness/pokemon-go-what-security-awareness-programs-should-be-doing-now.html
Rasa Juzenaite works as a project manager in an IT legal consultancy firm in Belgium. She has a Master degree in cultural studies with a focus on digital humanities, social media, and digitization. She is interested in the cultural aspects of the current digital environment.