Pokémon Go, privacy, augmented reality and the speed of the internet

Pokémon Go, the latest sensation to sweep the internet throws some interesting light both on how relatively old (at least in gaming terms) intellectual property assets can be extremely valuable, the speed at which new applications can sweep the world, difficulties in fencing off downloads by geolocation and data protection issues.

Not only that, but with reports of incidents of violence, accidents and other mishaps, it will be interesting to see whether any litigation is sparked particularly in the US.

One of the areas of privacy concern that became apparent was that many users took up the option of registering using their Google account. Proof that few people ever read the terms and conditions when clicking on the ‘I accept’ – button is that most people who registered failed to notice that they seemed to have granted the developers access to all of their Google account including documents on their Google drive, their browsing history and Gmail.

Some careful observers did pick this up and raised it directly with the developers who subsequently confirmed that they had not intended to obtain this access (as it is not really necessary in order to provide the Pokémon services) nor had they actually accessed any of this information. Indeed, it subsequently seems to have transpired that an outdated method of using Google to login was used and there was no real concern as explained in the Guardian article.

What is striking is that even though these concerns were reported it seemed to have no effect or whatsoever on the uptake of the game; perhaps proving that not only are people not very careful about the access to data that they giving (if they are even aware if it) but that frankly many people just do not care.

The game was originally only available in New Zealand and Australia (and subsequently in the US). Very quickly, guides on how to download it if you were outside these countries (by setting up accounts with different Apple stores or via various Android downloads) were quickly circulating not only in groups such as Reddit, but also widely in the mainstream press such as The Guardian and Daily Telegraph showing that it is not always easy to prevent users in other jurisdictions from accessing software and other copyright material.

In this case, it was more easy because the Pokémon download was free; with paid applications there is more success in preventing this because credit cards registered in the appropriate country are usually required. This type of geographic restriction is something which has in recent months come to the fore, particularly as Netflix has imposed restrictions on people accessing programs from different countries using VPN services which itself generated much disappointment and comment.

One other thing of note is the speed at which Pokémon Go has taken over the world; not just amongst children but game players globally. It also is an early example of how augmented reality interfacing computer generated material with the real world is rapidly being experienced by millions of people who may never have come across this technology before. Although it is a fairly basic application of this technology, virtual and augmented reality is a huge growth area and while at present the hardware remains relatively expensive for more complex applications, over the next two to three years, with the reduction in the size, weight and expense of sophisticated hardware this technology is likely to have huge penetration in the consumer market for entertainment purposes, particularly in games and sport.

Gamers who have downloaded the Pokémon Go augmented reality game were given a scare on Monday, after noticing that the app had apparently been granted ‘full access’ to their Google accounts.

Taken at face value, the permissions would have represented a major security vulnerability, albeit one that only appeared to affect players who signed up to play the game using their Google account on Apple devices.

The discovery sparked a wave of fear that playing the game might allow its developers, Niantic Labs, to read and send email, access, edit and delete documents in Google Drive and Google Photos, and access browser and maps histories.

In fact, both Google and Niantic Labs, say that ‘full access’ counterintuitively means nothing of the sort, a claim backed up by independent security researchers.

https://www.theguardian.com/technology/2016/jul/11/pokemon-go-privacy-security-full-access-google-account