Augmented Reality and Data Privacy Concerns: Pokémon Go is Just the Beginning
Pokémon Go is an “augmented reality” (AR) game from Niantic and Nintendo which has become wildly popular since its release in July 2016. While other apps, including “check-in” apps like FourSquare and the earlier Niantic game Ingress, have used location and interaction features in similar ways, few have been so immersive or so popular, and this new visibility raises the stakes of existing marketing and privacy issues and presents them in novel ways.
How the Game Works
The game requires users to physically go to different places in the real world in order to achieve game goals, mostly capturing Pokémon (adorable imaginary monsters) and having them compete against other users’ captive monsters. The capture locations are scattered around a simplified city map, while key in-game landmarks and competition locations are placed on an existing Google database of real-world landmarks, including public art, restaurants, and commemorative plaques.
The game uses the mobile device GPS and Wi-Fi connection information to determine location, and superimposes the game images over the view through the device camera. Game mechanics encourage users to walk between different destinations, rather than drive – increasing users’ physical activity without creating a “fitness app” was one of the developers’ stated goals.
Pokémon Go is free to play, although users can accelerate their progress using real money.
Privacy and Security Implications for Users
There was an initial error in permission requests that briefly granted the app full access to some users’ entire Google account if they logged in using their existing Google ID, but this has been fixed.
However, even without full account permissions, the app and its developers create an enormous trove of information about the user, most notably camera and location information as well as account and device identity. In other words, it knows who you are, where you are, and when you’re using the app. Location and other information appears to only be recorded when the game is running, but because the game rewards having the app open almost constantly, quite a significant amount of data may be gathered.
Because Google ID is one of the two login mechanisms for the game, many users will find that their game data is correlated with a truly vast record of personally identifiable information, including locations of use for other apps, purchases, search history, email, website visits, and more.
Even without hacking or data sales, user privacy is far from assured. At least one suspicious user has checked the in-game record of Pokémon capture locations to catch a cheating boyfriend. Enterprising criminals have also used knowledge of the game’s landmarks to rob distracted smartphone users.
Privacy and Security Implications for Non-Users
In-game landmarks are based on a geographical survey taken a number of years ago. At least one such landmark, a former church, is now a home. It is still designated as a landmark in the game, however, and draws dozens of game users at a time to the door of the bemused residents.
Even when a residence is not marked as an in-game destination, game goals can encourage users to ignore property lines, creating annoyance, trespassing charges, and even gunfire. Presumably, Pokémon Go would also create a good pretext for a variety of illicit activities.
Business Uses for Pokémon Go
Businesses may pay Niantic to be marked as key destinations in the game, drawing users to their locations or simply enhancing their status as landmarks in the real world. For example, every McDonald’s restaurant in Japan is an in-game landmark.
Businesses that are already in-game destinations, or happen to be located near them, can also purchase “lures” to draw Pokémon (and subsequently players). Of course, players may or may not be desirable customers, and the lure purchasers need not be affiliated with a location. For example, the expensive New York restaurant Balthazar, described as an “unlikely Pokemon hotspot,” claims not to know who is buying the lures that draw users to its door.
In the Future
This specific game may or may not be a lasting success, but apps using location-sensitive data overlaid on real-time camera images are likely to proliferate. We will see more games, but also shopping and social media applications that will create and store increasing amounts of sensitive user data.
Pokémon Go does not appear to store camera data or transmit images to the Niantic servers, but it does keep a log of every Pokémon a user has seen and interacted with. It is entirely possible that a future application could create an enormous database of real-world images, their AR overlays, and individual interactions with both. This database could be used or misused in innumerable ways for shopping, marketing, consumer research, government surveillance, or criminal enterprise.
Ezra Klein, in Vox, outlines his vision of the future:
Pokémon Go looks like a toy…. [It] is a toy. But it’s also the first widespread, massive use case for augmented reality — even though it’s operating on smartphones that aren’t designed for AR. So what’s going to happen as the hardware improves, the software improves, and the architects learn to use these more immersive environments to addict us more fully?
… [It] won’t remain a toy. It’s going to become an industry, a constant, a coping mechanism, a way of life. It will change how we spend our time, how we compete for status, how we interact with our loved ones. It will change the behaviors we think of as normal — already we’re seeing Pokémon Go run into racism; it won’t be long until AR cuts across other fault lines in our society.
Most of the technologies in AR systems are not radically new: the iPhone was released almost 10 years ago. However, the combined use of GPS, camera, smartphone, and wireless data in a single app is now refined enough to be on the brink of rapid consumer acceptance. Enhanced hardware built to take even more advantage, such as lower-profile virtual reality headsets, is not far behind. This combination will create enormous opportunities and risks for users, businesses, and marketers. The Direct Marketing Association, government regulators, and other business groups will need to pay close attention.
Ethics Policy Conclusions
The data generated and collected by AR software is not radically different from the data that is already generated and collected by other software. Therefore, existing policies should not be difficult to adapt to the new technology.
It is possible that new kinds of data will be aggregated and that new forms of risk may arise from them. However, at this time, the primary impact of AR data collection is that it increases the total amount of data available, raising the stakes for organizations tasked with safeguarding it against leaks and misuse.