By Michael Goodyear
When Pokémon GO was released in the United States on July 6 it garnered 15 million downloads in just the first week. Pokémon GO has rapidly become one of the biggest apps ever. Its daily active user total has now outstripped Twitter and on current installs it has beat most other popular mobile app games. But despite its quick rise to fame, Pokémon GO has raised a series of concerns about privacy, from what permissions and personal information the app itself accesses to how the app potentially infringes on personal residences.
Pokémon GO is an augmented reality game that inserts virtual imaginary creatures, Pokémon, onto the physical world via your phone. They can appear anywhere, even on your wife’s hospital bed as she is giving birth. The goal is to catch and train Pokémon as part of one of three teams.
Privacy concerns abound with Pokémon GO, even attracting the attention of Senator Al Franken, the Ranking Member of the Senate Judiciary Subcommittee on Privacy, Technology and the Law. The chief initial concern with Pokémon GO was that iOS users had granted “full access” to their Google accounts. While technically this could include being able to see the contents of Gmail and all other Google programs, in reality Niantic, the company that developed Pokémon GO, only accessed basic account information, such as the name of the user and their Gmail address. More than anything it was a combination of Niantic using an out-of-date version of the Google sign-in process and poor wording that led to this seemingly alarming concern. Niantic has since made an update that fixed this problem, with the app now only requesting access to basic information.
Although this problem has received by far the most press, there are other legitimate concerns about how Pokémon GO handles privacy. The app itself has access to your IP address and the most recent webpage you visited, providing some indicators about your location and habits. In addition, the app tracks your GPS location and has control over your camera. While these are essential to using the app, just consider the possible implications if some third party acquired this data. Unless Niantic’s security is ironclad, there is always the possibility that hackers could get this information and have access to your phone. And with an app as huge as Pokémon GO, hackers will definitely be on the lookout.
Others with malicious intent have already started taking advantage of the app’s security shortcomings. A function of the app is that you can create a beacon, which attracts more players and Pokémon to an area. This has been a hotbed for muggers taking advantage of unsuspecting players. Muggers have used the beacons to lure in players and rob them. Police departments from O’Fallon, Missouri to Australia have expressed their concern over the security risks the app creates, especially when players are paying so much attention to the virtual surroundings on their phone that they are not aware of their physical surroundings.
In addition to beacons created by the players, Niantic itself has created virtual Pokémon gyms, basically battle hubs for players to come and play against other teams for control over the gym and win the accompanying prestige, across the globe. Naturally this makes them fairly popular spots. For this reason, Niantic generally locates the gyms at popular sites, although this occasionally goes awry, from the controversial (Trump Tower and the Westboro Baptist Church) to the just plain dangerous (on the South Korea-North Korea border). And sometimes it even registers people’s homes as gyms. Now, it is not as though Niantic asked the permission of Donald Trump or Boon Sheridan to put a gym on their property, but of course the gym itself is a virtual entity, albeit one with very real consequences. As major draws to players, gyms can attract dozens to hundreds of people, infringing on the privacy and peace and quiet of individuals and businesses. And this brings up a host of legal trespassing issues and questions of attractive nuisances that are bound to be raised, all for the benefit of trying to catch a rare Pokémon.
So while players are battling with their captured Pokémon, they also have to be on the defensive. Mind property laws and don’t infringe on real estate, and protect your privacy and safety, or else it might be your information being captured instead of the Pokémon.
Michael Goodyear, who has a BA in History and Near Eastern Languages and Civilizations from the University of Chicago, is part of the ISLAT team.