Unless you’ve been under a rock, it’s hard to ignore the presence of a game called Pokemon Go that released about a week ago to most mobile devices (July 6, 2016 in Australia and the United States). Those of you in Europe and Asia, don’t fret, it’ll be out in your neck of the woods hopefully by next week unless you’ve figured out the way to bypass iOS or Android region locks. If you’ve ever played a Pokemon game, then you basically know what to expect. The game uses your GPS and your phone camera to embed Pokemon in the real world, AR (augmented reality) style, and then have you go chase after them and capture them in your poke balls. You can level them up, keep collecting, and of course battle them. I cannot stress enough how ridiculously addicting and fun this is. Much like we have seen with other crazes, this transcends “gamers” and moves into the universal world of all mobile users as potential (and eager) customers. Pokemon Go manages to merge the popular concepts of Facebook, Twitter, Snap Chat, and even Tinder into one universal, easily used for free, app that has gotten it wide attention from games press and mainstream press. It also resulted in a surge in Nintendo (and other) stocks adding a reported $7.5 billion in net value yesterday. So it’s an essentially free social app – there are microtransactions but they can be easily avoided – that makes companies a ton of money and is a blast to play? Too good to be true, right? Yep, it totally is.
Now I’m going to go on record right now and say the point of this piece is to inform, nothing more. If you’re going to let a lowly retro blogger decide whether or not to put an app on your phone, you’re going to have trouble with your security. I’m merely pointing out what has been brought up as a point of concern and inform my readers of the potential ups and downs of this game. It is up to you whether or not you want in, but at least you’ll be prepared for the decision. If it sounds like I’m making a big deal out of downloading a simple app, you should probably read on.
The developer is Niantic Inc., but you should know that until the split in 2015, Niantic was owned by Google. In fact, Niantic was a startup by entrepreneur John Hanke in 2010. This man was a VP of Google’s Geo division that was responsible for all those crazy apps we use to see people’s houses from the sky like StreetView, Google Maps, and of course Google Earth. These projects were acquired when Google acquired Keyhole in 2004, a firm dedicated to geospacial data and it was led by, you guessed it, CEO John Hanke. Before you think I’m putting on a tinfoil hat, let me assure you that I see no conspiracy here. This man has dedicated his life to tracking the landscape of the exterior Earth in companies that he openly led and openly performed business with, not to mention the astounding work he did with Google that allows my air conditioning tech to see my entire house via the Internet. I don’t think that allowing people to look at any exterior location is that big of a deal, although if you’re savvy enough it did make the prospect of robbing a house or even bombing an epicenter into a somewhat easier task. Personally I don’t think we should live our lives restricting tools just because of what someone can do with them. A screwdriver can be a dangerous item in the wrong hands, but we don’t ban them in hardware stores. I bring this all up to make you wonder how or why a man who’s spent his entire life tracking the globe would suddenly make a Pokemon game. It’s because it furthers his work and probably also because it makes him a ton of money in the process.
When you download Pokemon Go, you agree to certain permissions on your phone and Google account. This is nothing new, most apps today have permissions of some kind, and the rule is you either agree or you don’t get the app. What I discovered as odd is when I went through the process on an unactivated phone with a random throw away Google account is that I had to sign in via Google, a pokemon.com option didn’t allow me to make an account. Odd, but okay. Here’s where the crazy begins and it was best recapped in Adam Reeve’s blog (he was a big time architect at Tumblr). He discovered that this app has the ability to “Read all your e-mail, send e-mail as you, access your Google Drive and documents (including deleting them), look at your search history, look at your maps history, access all of your Google Photos, and a whole lot more.” I’ll go on to add that it can also utilize your phone for various items while you keep it on as you browse for local Pokemon. This is a problem, but probably not why you would think. Niantic is not going to take over your Google and stick its tongue out at you. It’s not going to nefariously delete your Google docs or share your nude photos. Hell, Niantic is still in Google’s investment profile, it basically is Google and actually was for a majority of its life. Google isn’t going to do this either, because as I’m hoping you can deduce, it already has that power. The people you should be worried about are the mass of hopeful hackers that I assure you have their eyes on getting into Niantic’s network. Do you trust the entirety of your Google account (which for an Android owner and Goggle Fiber subscriber like me is significant) to the security of Niantic? They are big and the people who work for them are smart, but I feel it’s only a matter of time before someone gets access and then you’re compromised. It just seems too great a risk for my main Google account, but one that can easily be bypassed by making a new one. Furthermore Niantic is working with Google to change the permissions to be more user friendly, but I personally don’t care for the priority and speed that major corporations take with the delicate information they are given carte blanche to. In short, too much work for me to be safe.
Now onto what Niantic is doing that I feel is a bit more benign, but also potentially troubling. They are mining for data and getting a whole metric ton of it. With Maps access they know where you are going, what your commute is, where you hang out. That doesn’t matter for one single person, but with the user base of Pokemon Go you can expand that out and figure out behaviors, patterns, and basically learn an awful lot about a community. That data can be sold for big money. Also, you ever wonder how they get that photo to show you about where your Pokemon is? Well it’s from the photos others take in the app and subsequently send to Niantic (whether they wanted to or not, it’s already agreed to). Put enough of those photos together and you can get the layout of the inside of a building, residence, space as opposed to now where we only had access to the outside. That means that if you played Pokemon Go and found the little critters in your house, Niantic can put together the layout of your house. The same is true for your local mall, then hospital, and heck, probably even sensitive buildings that allow people to carry their phones. This is a bit more troubling. Oh and hey, if they don’t have that data and want it, guess where Pikachu just popped up. We are talking the ability to map and scan the interiors of all structures on Earth, potentially, the one missing piece. I don’t like that idea, even if it’s very far fetched to imagine that a Pokemon app will do it.
I will concede that I don’t think my usage data is that important. I have a Kinect and don’t care if Microsoft (or others) want to watch me as I eat chocolate ice cream and veg out to a marathon of Game of Thrones. This goes double if they want to watch me try beating Rom for the 30th time in Bloodborne or frag demons in Doom. I don’t think the apps I use, the games I buy, or the things I watch are of that much value to me. I can’t market that data to anyone. If someone wants to offer me an experience or item that I can use and in return pulls data it can use, provided I’m told in advance I’m okay with that. I like Facebook and I still dig commanding my Xbox One with Kinect, I’m willing to give up some data to do those things. I think that stops when you want to know the layout of my house, route my wife takes to work, or stuffed animals in my child’s room without anonymity. It’s a delicate balance and one I’m not too keen on when it comes to Pokemon Go.
There you have it. No conspiracy theory, no disasters, and no preaching. I’m sure you can tell by now that I do not use Pokemon Go at this point, neither does my wife (her choice, not mine, but I did have a chat with her about it), and we’ve decided to block it from my child’s tablet (but she’s not even 5 yet so we restrict many things right now). I’m not scared of the crazy things that have already come up regarding Pokemon Go such as finding dead bodies, getting robbed, or having my kid run into traffic (even if I did let her have the app). Pokemon Go is also doing a lot of good things like getting people moving, creating a social atmosphere where people can share a common interest, and let’s not forget the key to gaming as I see it: having fun. A lot of people probably already know about this stuff and download the app anyway. I have yet to hear complaints from those people. My only interest is that before you jump on the cultural zeitgeist bandwagon, it’s best to know what you’re signing on to and how to keep yourself protected. If Pokemon Go ever does get hacked, deleting the app and changing your password will probably be a quick and easy way to keep yourself protected. I just don’t have the time to worry about it.