Pokémon Go and app permissions: what you need to know
How much do you care about app permissions? Are you aware of what Pokémon Go, for example, requests from your handset? And how it differs from other popular apps? If not, read on as we explain.
The first thing you should know is that there are some required permissions that you need to accept to begin to play Pokémon Go, such as access to the device's camera, GPS and internet connection. Additionally, you must insert your name and email to start the game, meaning you need a Pokémon Club or Google account. Other permissions, however, are more nebulous.
Comparing popular apps
With a Galaxy S6 running Android 6.0 Marshmallow (API 23), I downloaded Pokémon Go, Facebook, WhatsApp and Telegram in order to compare how these services request access to user information.
Below you can see the required permissions for the use of these four applications from the moment you launch the app for the first time. This table relates only to the permissions required upon launching and setting up the app, so between WhatsApp and Telegram, I make a distinction:
- Telegram requires that you first add your country and mobile phone number to proceed to the app permissions.
- WhatsApp begins by requesting permission to access your contacts, photos, and media files before you log-in to the service. In my opinion, this is less invasive because, if you don't want to provide such permissions, you can stop the app configuration at this time without having to provide your phone number or country in which you live.
Pokémon Go | Telegram | |||
---|---|---|---|---|
Camera | Yes | - | - | - |
Contacts | Yes | - | Yes | Yes |
Content of messages | - | - | - | - |
Device IDs | Yes | - | - | - |
Location | Yes | Yes | - | - |
Memory | Yes | - | Yes | Yes |
Device type | Yes | - | - | - |
Activity recognition | Yes | - | - | - |
Cell phone number | - | If you log in using the phone number | - | Yes |
Operator or internet service provider | - | If you log in using the phone number | - | Yes |
Pokémon Go's permissions explained
Looking at the table above, it seems frightening to have to give so much access to this game before you even begin playing it. And yes, all of the requirements are made before you create an account.
${app-com.nianticlabs.pokemongo}Google recommends that developers inform the user as quickly as possible to what type of access applications will need when they are in use:
"In some cases, one or more permissions might be absolutely essential to your app. It might make sense to ask for all of those permissions as soon as the app launches."
Pokémon Go follows this advice, and it's also the only app in the table to offer an experience with augmented reality. If we put the new Niantic app alongside its predecessor, Ingress, you'll notice an interesting distinction.
Despite that the Galaxy S6 runs Marshmallow (API 23), Ingress doesn't make use of granular permissions, therefore all necessary permissions must be provided at the point when the app is downloaded.
So, if you're used to giving permissions individually, you could quickly tap the accept button after the permissions pop-up appears and sign away all permissions in one move. In the Play Store at the time you click the button "install". Pokémon Go is a step forward here.
So, Pokémon Go is less invasive than Ingress. However, the user information it will ultimately request is largely the same, with the exception of the use of the camera, which Ingress doesn't need. In the table below, you can see how the applications in the same category have essentially the same permissions:
Pokémon Go | Ingress | |
---|---|---|
Camera | Yes | - |
Contacts | Yes | Yes |
Content of the Messages | - | - |
Device IDs | Yes | Yes |
Location | Yes | Yes |
Memory | Yes | Yes |
Device type | Yes | Yes |
Monitoring activities in the app | Yes | Yes |
Cell phone number | - | - |
Operator or Internet service provider | - | Yes |
Use of your location
The requirement of access to your location is essential for Pokémon Go, after all, the game is centered around you hunting Pokémon in the real world, right? This is explained further in Pokémon Go's Terms of Service and Privacy Policy:
"The App is a location based game. We collect and store information about your (or your authorized child’s) location when you (or your authorized child) use our App and take game actions that use the location services made available through your (or your authorized child’s) device’s mobile operating system, which makes use of cell/mobile tower triangulation, wifi triangulation, and/or GPS."
Use of the Camera
The camera is used during the game to support the augmented reality component which blends the real world with the virtual one. Hunting Pokémon in the streets, woods, or even at home, you need to launch the camera when a target is found.
Access to your contacts
Why does Pokémon Go need access to your contacts? At this time, we're not quite sure. You can deny this permission and it doesn't seem to make a whole lot of difference. The only visible effect is that need to repeatedly deny the permission each time you open the app.
Why does Pokémon Go need access to your contacts? It doesn't.
This may simply be the foundation for Niantic to offer a larger multiplayer component to Pokémon Go in the future. At this current time, it isn't possible to chat within the app or use your contacts in any meaningful way. I don't believe Niantic needs access to your contacts at this current point in development.
You need to start reading privacy policies
How the data that Pokémon Go requests of its users will be used isn't immediately clear. You should read the Pokémon Go privacy policy if you want to get a full understanding of this. Although its terms of use don't ask the user to give up as much as, say, Facebook, does, aspects of your data can still be used by third-parties for advertising and promotional purposes.
Access to personal information is a hot topic right now and it may pay to understand how your information is going to be used by each company you offer it to. So, do you think your data is important enough to make you read the terms of service and privacy policy of the products you use? Let us know in the comments.