When I was assigned a story on the security risks of Pokémon Go, I groaned. What could be interesting about a game where players chase comic book characters superimposed on the real world on their smart phone?
It turns out the enormous popularity of Pokémon Go IS the story. It’s so engrossing players are tumbling down hillsides and reportedly being lured into ambushes while glued to their screens. That means enterprises that can latch onto Pokémon Go (or create similar apps that go viral) can tap huge marketing opportunities – but face equally large security risks.
Let’s start with the downsides, as those were the focus of my reporting.
The initial security scare focused on reports that Pokémon Go vacuumed up too many details from the Google accounts of players. By all accounts, the developer and Google quickly fixed that, and the game may never have actually used all the information it asked for. But one source hinted darkly that even one-time access to email or other accounts could give a game developer valuable information they could use later. He also asked whether, as Niantic (the game’s developer) frantically ramped server capacity to meet demand, it could possibly put the proper security precautions in place to protect any user info it did gather.
Even if the legit game doesn’t snoop too much info from your phone, my sources described cleverly disguised malware variants that can. Another possible channel for malware are unofficial guides to games that help users improve their scores, or “hacks” that promise a short-cut to extra rewards. “jailbroken” or “rooted” devices, in which users bypass the manufacturer’s built-in security safeguards, are an especially prominent risk.
Then there are the broader (and even more story-worthy) societal concerns. If someone hacks your application and sends unwary players into traffic to chase a character, are you liable if they are it by a car? One source who does a lot of work for defense clients raised the specter of “crowd spying” in the form of a game that sends hundreds of players to catch a character the spy agency placed in front of a sensitive military base. Before authorities can chase the players away, their phones have already captured and transmitted images of the base from multiple angles.
Sound crazy? There Indonesian army has reportedly blocked service members from playing the game while on duty for just that reason. And how much of a leap is it to port such a game from ground-bound smartphones to drones, adding a new dimension (literally) to the privacy, security and liability questions?
The story angles don’t stop at the dark side. McDonald’s is reportedly first into the “monetization” game, sponsoring Pokémon Go play sites at its restaurants in Japan. But using games to draw foot traffic to a specific location is only a baby step.
Imagine a toy retailer creating an AR/VR game that lures kids into their stores and puts the most popular characters near the highest margin toys, giving them an instant discount as they “capture” the character with a tap on the screen? The next step, of course, is to combine real-time information about a player’s location with their past purchase history, credit worthiness or other factors to pop up real-time offers within the game. (This raises the challenge of securely combining corporate data with that from customers’ devices I tackled in my story.)
Senior Vice President Nagaraja Srivatsan at Cognizant Technology Solutions* has a whole raft of other ideas and examples. They include restaurants giving diners a discount if they drop “lures” to get other customers to drop by, or offering “contextual” ads based on where a player is and what they are doing.
Finally, think of the opportunity to use AR/VR games to train or motivate employees. How about a Pokémon Go-type app that rewards hotel employees with bonuses or time off for finding and capturing not characters, but dust spots or trash in public areas? Or that gives field service reps points for sharing maintenance tips through an AR app on their smartphones? (In that case, how do you protect sensitive data about the failure rates of your components, or those from your competitors you see on your customer’s premises?)
Any or all of these scenarios may, or may not, pan out. Pokémon Go itself will undoubtedly fade (maybe sooner than later) as just another fad.
But its blockbuster popularity, however short lived, shows that everyday consumers will download, play, and spend huge amounts of time with the right VR/AR app. And where eyeballs and interest go, money and opportunity follows. Pokémon Go is the tip of a lot of fascinating icebergs we’ll all be innovating around, writing about and pitching about for years.
Got any clients who are trying to ride the Pokémon Go bubble, or facing security threats as a result?————————————————————————————-
*Cognizant Technology Solutions is a client but did not reimburse me for this mention.
Like this post? Subscribe to my RSS feed and get loads more!