You’ve heard of Pokémon GO, but how much do you really know about the latest mobile gaming craze? We dive into how everything Pikachu affects your online privacy. Should you tweak your settings or alter your permissions before you try to catch ’em all? It’s time to find out.
Pokémon GO is a sensation of a scale we’ve not seen for quite some time. The craze element is familiar, but this game’s mechanics put a whole new spin on the phenomenon. It’s location-based, so data about you is crucial to the whole operation. But what happens to that data, and how much does Niantic really know about us?I’ve trawled through Niantic’s privacy policy and terms of service documents to find out whether Pokémon GO really is about to steal your credit card details and starting posting as you on Facebook.
The Pokémon Go Privacy Problem — Is it safe?
Should we be worried? The answer is not simple, and has already caused a US Senator, Al Franken, to raise concerns about exactly what Pokémon GO is doing with our data. First off, we need to examine the sort of data the app harvests. As with virtually any game like this, basic personal details are snagged before you’ve even started. It knows your name and your email address, because you either have to make a Pokémon Club account or sign in using your Google address.
Indeed, the iPhone version of the app may still have access to your entire Google account if you choose to register by that method, rather than manually creating a Pokémon Club account.Niantic claims this is a mistake. I really, really hope it’s telling the truth there, because otherwise it can read your emails and monitor your entire digital life, which really isn’t cool.
It may be fixed by the time you read this, but if you’re concerned, make sure you’ve updated to the latest version of the app. That’s not all you need to worry about though…
Examining Permissions
The first genuine complexity pops-up when you start running the Android version, which thanks to Android Marshmallow’s new disclaimer, tells us exactly what permissions are requested, one-by-one.Some of these are obvious. It needs the camera because this is fundamentally an augmented reality game. It needs your location because, again, it’s what Pokémon GO is about.It needs storage access to store additional data – another no-brainer. The eyebrow-raiser is that the game also asks for access to your Contacts.
There are plans to make Pokémon GO a multiplayer experience, but right now, that’s not the case. I’ve found no need for Contacts access as yet and chances are it won’t help you find Pikachu either.Niantic appears to have built pre-emptive permissions into this app, ready for the next update. That is if we are to assume the Pokémon series hasn’t simply gone evil and become a Trojan horse for corporate info-gathering.The way it asks for permissions suggests it’s simply a case of Pokémon GO, despite its insane popularity, still being a fairly rough-edged beta. All permissions are requested as the app is run, rather than as they’re needed. It’s clunky. You can also withdraw Contacts permissions in your Android phone’s settings menu and the app will still be a-go.
At least Pokémon GO doesn’t also want microphone access too, which would make it a potential one-stop surveillance app.
Location, Location, Location
To find out what Pokémon GO feels it is entitled to do with its data, we have to look into the game’s terms of service and privacy policy.
“The App is a location based game. We collect and store information about your (or your authorised child’s) location when you (or your authorised child) use our App and take game actions that use the location services made available for you (or your authorised child’s) device’s mobile operating system.”
This is as close as we get to a summation of what Pokémon GO does with our data at present. There’s no mention of any camera data being stored or uploaded, no horror-show style clauses you might find in Facebook’s ToS.
However…
Terms of Service documents are there to cover Niantic’s backside should something go wrong, with language that veers wildly between the vague and the pin-point specific when it suits the company. Still, the fact that Pokémon GO downloads more than three times as much data as it uploaded suggests image steals are unlikely.
Read the full article from here
