US senator: what does Pokémon GO know about us and our kids?


We reported earlier this week on how incredibly popular the new Pokémon GO augmented reality app has become and how quickly crooks have taken advantage, releasing their own fake “malware remix”.

But it’s not just the hackers and their poisoned versions of the app that are making headlines … owner Niantic is too. It seems that the Google spin off is causing concern when it comes to the gathering and use of players’ personal information.

US Senator, Al Franken, has written to Niantic CEO, John Hanke, asking when the “glaring errors in the Pokémon GO privacy policy” are going to be dealt with. Noting that the app has been downloaded approximately 7.5 million times in the US alone, the Senator writes:

I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent.

In his letter, the Senator refers to media reports as well as the Pokémon GO privacy policy, and raises concerns about the unnecessary collection, use and sharing of users’ information without their consent.

Franken is particularly concerned about the collection of data from children, noting that the privacy policy states that…

…any information collected – including a child’s – “is considered to be a business asset”

The Senator also highlights part of the app’s privacy policy in his letter, noting that information collected from users…

… can then be shared with The Pokemon Company and “third party service providers”, details for which are not provided, and farther indicates that Pokemon GO may share de-identified or aggregated data with other third parties for a non-exhaustive list of purposes.

Probing questions

The Senator clearly wants action. He’s all for users’ personal information enhancing their augmented reality experience, but wants to ensure that Americans’ – especially children’s – very sensitive information is protected.

And so his letter ends with some very specific questions on several other items found in Pokemon GO’s terms of service and privacy policy that he wants a response to before 12 August 2016. In summary, the Senator asks:

  • What information collected is actually necessary for the game?
  • How else does the company use the information it has access to?
  • Why does Pokémon GO needs the permissions it asks for?
  • Could the collection of unnecessary information be opt-in, instead of opt-out?
  • How does Niantic inform parents about the information it gathers from their children?

Apps like Pokémon GO are popular because of the way they use the integrated features of modern smartphones, such as cameras and GPS, and it’s not always obvious why apps need the permissions they ask for.

We look forward to Niantic providing the clarity that Franken, and many people, are seeking.

Creative Commons image WILD PIKACHU APPEARS! by Sadie Hernandez..