UNION STRONG BLOG

Pokemon GO and the Privacy Debate: Why Convenience Will Trump Privacy Every Time

Okay, we need to talk about Pokemon GO.

What is more interesting than the highly addictive launched on this week game – is the Pokemon GO privacy element, the casual ambivalence and/or lack of awareness displayed by users towards the data collection capabilities of the app, and what that means for the wider debate around privacy and the use of our personal information.

But first, just a quick glance at the stats surrounding use of this app only which is why it’s worthy of some attention:

Gotta’ Catch ‘em All

If you don’t already know from the millions of tweets, posts and updates flooding your social streams, Pokemon GO is massive.

How massive? ONLY SIX DAYS OLD POKEMON GO IS ABOUT TO SURPASS THE AMOUNT OF TWITTER USERS and amount of time spent using the iOS and Android game – AGAIN IN ONLY SIX DAYS – is nearly twice that of Instagram.

Pretty crazy, right?

On top of this, Pokemon Go has already surpassed 7.5 million downloads on iOS and Android in the US alone, and is generating more than $1.6 million in daily revenue.

Given the numbers, there’s good reason you’re seeing mentions of the game everywhere – and why you’re also seeing people wandering around the streets, almost zombie-like, scanning the world through their phone screens.

The short explanation of Pokemon GO is this – using your phones GPS co-ordinates, players are shown real world locations where Pokemon (cartoon characters with unique abilities) are located. You then follow the map to the designated locations and use your phone to look around for them. Pokemon are obviously not visible in the real world, but they’re shown on your phone screen. Once you find a Pokemon, you can use a Pokeball to catch it.

There’s more to it than that – there are meet-ups and other locations where you can obtain more Pokeballs and battle, but this is the basic gist. The new app is seen as a breakthrough for augmented reality, where computer generated content is layered over real-world locations.

But while it’s proven hugely addictive, and many have praised the app for helping bring people together based on fun and mutual interest (particularly given recent world events), Pokemon GO does raise some significant privacy and data-tracking concerns.

Collecting Data

As noted Pokemon GO uses your phone’s GPS co-ordinates and is built on Google Maps. The company that created the game is called Niantic which is lead by John Hanke, who was also one of the founders of Keyhole, the 3D mapping company that Google purchased to power Google Maps back in 2004. As such, Niantic is well-aligned to the inner workings of Google Maps – in fact, Niantic itself operated under Google, then Alphabet, till August last year, when it became an independent company, and Alphabet remains a key Niantic investor.

Because of these connections, Pokemon GO operates on a slightly higher level that your regular map-based game, and can provide more accuracy as to where players are and what they’re doing.

Now, that, in itself, has already lead to some issues – police in Missouri, for example, reported that they recently arrested four men who were using in-game locations to target people searching for Pokemon.

In this sense, the game does lead to an increased level of exposure, and potential vulnerability for users.

For their part, the Pokemon GO developers say they’ve chosen real world locations that are “pedestrian safe” in order to ensure players don’t stumble into trouble, but given the capacity for others to track the locations and lay in wait for unsuspecting victims, there are some issues to be aware of.

But surface problems like these aside, there’s actually another, more significant privacy concern with Pokemon GO that many users are not aware of:

In order to play the game, you need to give it access to your Google account – which is fine, many pages use social logins and similar these days, no problem, right? What many people aren’t aware of, however, is that by signing in via Google, you’re also giving Niantic access to all your Google account information.

As per BuzzFeed:

“Like most apps that work with the GPS in your smartphone, Pokémon GO can tell a lot of things about you based on your movement as you play: where you go, when you went there, how you got there, how long you stayed, and who else was there. And, like many developers who build those apps, Niantic keeps that information. According to the Pokémon GO privacy policy, Niantic may collect — among other things — your email address, IP address, the web page you were using before logging into Pokémon Go, your username, and your location. And if you use your Google account for sign-in and use an iOS device, unless you specifically revoke it, Niantic has access to your entire Google account. That means Niantic has read and write access to your email, Google Drive docs, and more.

Pretty concerning – that level of data access is normally reserved for Google apps themselves.

Of course, there’s nothing to suggest Niantic’s planning on doing anything untoward with that data access – some commentators have suggested this was probably built-in by default without thinking of the possible ramifications. But even if Niantic itself has no plans to do anything with all that info, you can bet the company’s now become a key target for hackers. If they could get access to Niantic’s servers, they’d be able to get a heap of information from the millions of Pokemon GO users who’ve signed up.

And while you can, of course, revoke Pokemon GO’s access to your data, most won’t bother.

Why? Mostly because in order to block the app’s full access you’ll need to start the game all over again, losing your progress, which will be too much to bear for dedicated Pokemon users.

And that, in itself, actually highlights the true state of our wider approach to online privacy and data access.

Privacy vs Convenience

Overall, our attitudes towards online data access – whether we like it or not, whether we feel comfortable about it or not – really comes down to a question of convenience, of what we’re getting in return.

In a study conducted by The Annenberg School for Communication at the University of Pennsylvania last year, researchers found that 43% of respondents were willing to accept a supermarket discount offer even if they knew that as a result the supermarket would analyze their purchase history and make assumptions about them. At the same time, only 21% of respondents – less than half that first group – indicated that they’d be willing to accept that same discount if they knew that the supermarket might use their their data to determine how much money they make. And only 19% would accept with the understanding that the company may use their data to determine their ethnic background.

All of these are ways in which that data is being broken down already – yet when people don’t know this, when they’re unaware of the depths to which that data can be segmented and you, personally, can be categorized, they’re far more willing to accept data tracking when it delivers them a benefit.

This is the same principle behind Facebook’s data access – while people know that Facebook can learn pretty much everything about them based on their on platform activity, then use that information to sell to marketers trying to reach you with ads, they generally accept this trade-off. Because what’s the alternative – stop using Facebook?

Because the benefit outweighs the concern, people click “I Accept” on the terms and conditions and move on.

And this happens all the time – how many times have you actually taken a moment to read through the specifics of what access you’re granting to a company via their documentation?

This leaves us significantly more vulnerable, while also fueling the new age of data-driven marketing. As has been famously quoted many times, 90% of the world’s data has been created in the last two years, a huge amount of personal insights and specifics for any interested party who can benefit to trawl through and categorize you with, based on the most intricate and specific parameters.

Is it good that anyone, if they knew how, could get to know you based on your online presence alone? That they could use your emotional weak spots to target you, to hit with messages that’ll make you more inclined to spend money with them, to donate to their cause?

That political candidates can use such insights to sway your opinion to their side or the debate?

Whether you like it or not, this is happening, because we readily provide access to such insights via apps like Pokemon GO, largely without even realizing it.

But even when we do know it, even when there’s a heap of coverage and reporting on such data access, most still go along with it. Because it’s easier. Because it gives us access to something we want.

This is why the debate over privacy and data access is doomed to fail. Because despite the many warnings and data breaches and threats, people want to use these apps and features. If Facebook came out tomorrow and said they’d been recording and cataloging all your real-life conversations via the microphone on your smart device, do you think people would stop using Facebook?

Despite the headlines, the debate comes down to convenience versus privacy.

And in the modern world where everything’s available within the tap of a mobile screen, convenience is going to win every time.

Experience Pokemon GO in their Official ‘Get Up and Go!’ User Video

Note: After multiple reports on this issue; Niantichas said they are working to update the permissions issue. Time will tell.

Categories