Pokemon Go is the mobile craze of the month, but its privacy policy is raising concerns in Congress.
Sen. Al Franken (D-Minn.) on Tuesday sent a letter to Niantic, the game’s developer, asking the company how it is addressing privacy and security in the nascent augmented reality market following reports of the app’s broad collection of user information.
{mosads}”While this release is undoubtedly impressive, I am concerned about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent,” he said in the letter.
The augmented reality game has quickly rushed to the top of the charts in app stores after being downloaded millions of times since its release last week. The game’s world is overlaid atop a map of actual cities, and it tasks players with catching virtual Pokemon in their neighborhoods.
A mini-controversy broke out this week when experts found that the game was requesting full access to users’ Google accounts when they signed up through Gmail. The company said the request for full access was “erroneously” made and that the company only collects limited information from Gmail accounts, including email and login ID.
The company released an update on Tuesday afternoon fixing the error, which only affected iPhones.
“We recognize and commend Niantic for quickly responding to these specific concerns, and ask for continued assurance that a fix will be implemented swiftly,” Franken said. “When done appropriately, the collection and use of personal information may enhance consumers’ augmented reality experience, but we must ensure that Americans’ — especially children’s — very sensitive information is protected.”
Because of the mapping feature of the game, the app collects specific location information about its users.
It also collects a host of other information, including users’ IP address, operating system and the web page that a user visited immediately before using the app. Franken said the app can also reportedly find contact accounts on smartphones.
The senator asked why all the information is necessary and asked if that collection could still work with an opt-in function.
“If, in fact, some of the information collected and/or permissions requested by Pokemon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opt-in, as opposed to requiring a user to opt-out of the collection/access?” he asked.
He asked which other companies the information is shared with and for what purpose. Franken also questioned how the company makes sure that parents provide meaningful consent for the collection of their children’s information.
Franken has taken a specific interest in the privacy policies of technology companies. He has sent similar letters to Oculus, Google, Samsung, Uber, Lyft and others.