Pokémon Go has taken over the world since launching last week, sending millions of users into the streets to collect and battle virtual monsters on their smartphones.
With so many players sharing their locations and other personal data with the app, what could happen to all that information?
As users hand over access to their phones’ precise locations, storage and cameras to play the game, the company behind the game reserves the rights to share the data it collects with third parties including potential buyers and law enforcement.
That’s the price to “catch ‘em all” on the free-to-play game. And while companiesregularly collect and profit from user data, Pokémon Go’s massive popularity and reliance on users’ locations and camera access have raised eyebrows in tech circles.
Most of us don’t read the privacy policies of apps we use. Indeed, reading all of them would take about 30 days per year, one study found. So it’s safe to assume that many players of Pokémon Go – which threatens to surpass Twitter in daily active users — aren’t reading the fine print before logging on to chuck Poké balls, either.
To understand how the app can use data, it helps to know what data the app can collect.
For Android users, the game can access both the precise and general locations of the device as well as its camera – permissions inherently necessary to play the game. The game can also access users’ USB storage, contacts, network connections and more.
For iPhone users, the game can access users’ location, camera and photos. Many iOS users log in through their Google account, which grants the app full access. This means, per Google, the app “can see and modify nearly all information in your Google Account” including Gmail, Google Drive, Google Maps and more.
Jason Hong, an associate professor at Carnegie Mellon University’s CyLab Security and Privacy Institute, analyzes apps’ privacy for PrivacyGrade.org. He said just how Niantic uses that data will be dictated by its business model, which doesn’t seem clear at the moment.