The augmented reality (AR) mobile game Pokémon GO has enjoyed considerable success in large part because of its GPS-based exploration mechanic. In Pokémon GO, you explore the real world in order to discover and capture fictional monsters. The game overlays 3D models in the real world seen through your camera, hence the term “augmented reality.”
Proponents of the game praised how it promotes outdoor activity and exploration. Detractors are critical of the same component, citing incidences of players attempting to catch Pokémon on private property or in restricted areas. This highlights a fundamental privacy and security risk of GPS-based games with all-encompassing geo-data that doesn’t discriminate from public or restricted locations.
China banned Pokémon GO because of this integrated GPS, believing it would reveal sensitive government geo-data. Combined with the augmented reality camera aspect of the game, do government entities and security organizations have anything to fear from games like Pokémon GO?
Achieving Market Saturation
Players all over the world still regularly play Pokémon GO despite drop-offs in player counts from its initial user base. It had a record-breaking first week in downloads largely in part due to great press, hype, and nostalgia. Pokémon GO has accomplished two things:
- The app popularized the AR and GPS game model combo.
- It achieved weekly player retention on par with other leading apps.
The game has achieved cultural saturation. It’s ubiquitous. According to a survey conducted by Report Linker, 81 percent of millennials and 44 percent of senior citizens are familiar with Pokémon GO. The popularity of Pokémon GO has paved the way for other derivative AR games for years to come, and each will likely have similar security concerns.
Despite the widespread Poké-mania, not everyone was receptive. The game relies on Google Maps to function, and that application is also blocked in China. Because the game piggybacks on Google Maps data, removing portions of the map is more difficult than if Niantic created their own GPS map software themselves.
The official stance from the the China Audio-Video and Digital Publishing Association is that Pokémon GO presents a, “threat to geographical information security and the threat to transport and the personal safety of consumers.”
Perhaps more worrisome for privacy and security experts is that it has become culturally acceptable to play these games in a wide variety of locations. Because of cultural saturation, most people are at least aware of the game, and potentially less suspicious than they might otherwise be of individuals with nefarious intent.
Mobile devices have always presented security challenges, in large part because of their widespread usage and acceptance in society. Third-party screen recording apps like AirShou can be run in concert with Pokémon GO to record augmented reality gameplay. This creates potential for players to unwittingly (or intentionally) expose sensitive information by playing in inappropriate or restricted locations.
When the game was initially released, the game’s developer Niantic allowed players to login using their Google account. This granted “full account access,” a concerning security decision that has since been corrected by Niantic and Google.
Combining augmented reality and GPS in games is compelling and fun for fans, yet it opens up a can of worms for businesses, government entities, and privacy advocates. Going forward, it will be important for these organizations to implement restrictions on where and how these games can be played.