The concept of Pokèmon GO is well known by now, as you head out into the real world and your phone displays Pokèmon as if they're actually sitting on the ground in front of you. It's the most successful mainstream release utilising AR (augmented reality) yet, and it's got plenty of people hooked.
Those whizzes at Digital Foundry have taken a look at how the app works on a technical level, and though we'd suggest that there's less detailed insight here than in the channel's breakdowns of major console games (for example), it's still an interesting watch. It shows a bit of Ingress, Niantic's previous release that laid the foundations of the technology, and goes into how the game employs Google Maps.
Check it out below.
Comments 11
So does that mean that downloading your local map from Google Maps will save data, as someone else suggested?
Unfortunately, downloading maps doesn't seem to work. Even for android I didn't notice any real difference in load times
Hooo.... i see. It needs Google Maps to be translated into specific Pokemons based on the place.
Only 4 comments in an hour? I guess Go fatigue is finally setting in, huh?
Can we start something new now, like a Nintendo Direct speculation? I'm still waiting on my Cloud and Bayonetta amiibo reveals. They must be ND worthy.
@rjejr
Yeah, there are too much articles for one thing...
I would be more interested in the backend of how the game works, based on the Pokemon Go Privacy Policy:
https://www.nianticlabs.com/privacy/pokemongo/en
1. "During gameplay and when you (or your authorized child) register to create an account with us (“Account”), we’ll collect certain information that can be used to identify or recognize you (or your authorized child): Personally Identifiable Information, or "PII" (mmm, pie...) ...we will collect PII that your privacy settings with Google, Pokemon Trainer Club, or Facebook permit us to access."
Why would they need our PII to make Pokemon Go work? And I wonder if they can even access my A+ grade SSL/TLS with two step verification foreign email account...
2. "When you (or your authorized child) create an Account we also will collect other information (such as country and language) that cannot be used to identify you (or your authorized child) unless combined with other identifying information."
Well, they're collecting it through the process explained in this Digital Foundry video, so they can match the two together fairly easily. What exactly do they use that result for?
3. "We comply with verifiable parental consent requirements mandated by the Children’s Online Privacy Protection Act (COPPA) and European data protection laws (including, without limitation, the Data Protection Directive) through a verification and consent process handled by PTC."
What if PTC is not used to login, and social media or Google logins are used instead?
"...For U.S. residents, after a Parent has registered a PTC account, The Pokemon Company International, Inc. (TPCI) will verify that the child is the Parent’s child by asking for the sum of the first and last digits of the Parent’s social security number and the Parent’s name, date of birth, and street address."
Wait, what!? Why should anyone ever give away any part of their social security number to a business like this? Isn't that just supposed to be for protected bank accounts and government controlled files? That's a crime wave waiting to happen if that information falls into the wrong hands.
"TPCI will not share that information with us."
Why would they ever need it to begin with?
4. Parents have the right to refuse further collection, use, and/or disclosure of their child’s PII by notifying us. If we learn that we have received PII from a child under the age of 13 without the Parent providing consent, we will delete the child’s Account and all other PII collected in conjunction with such Account."
Okay, that's great, but what about for anyone using the account who is 13 and up?
"The Parents of children under the age of 13 understand and agree that TPCI and/or Niantic may provide information collected via the Services, to third parties who use such information for the sole purpose of administering or providing the Services."
So what happens if those providers ever suffer a security breach, or if their data is ever extracted without being deleted?
5. "We collect certain information that your (or your authorized child’s) mobile device sends when you (or your authorized child) use our Services, like a device identifier, user settings, and the operating system of your (or your authorized child’s) device, as well as information about your use of our Services while using the mobile device. We may use this information to provide the Services and to improve and personalize our Services for you (or your authorized child)."
Why would Niantic need to know my phone model, it's settings, and it's OS/version? Isn't it enough that the device either runs the program or not?
6. "We collect and store information about your (or your authorized child’s) location when you (or your authorized child) use our App and take game actions that use the location services made available through your (or your authorized child’s) device’s mobile operating system, which makes use of cell/mobile tower triangulation, wifi triangulation, and/or GPS."
Why would Niantic need to store this data for the long term? Why can't a user choose to have their history be regularly deleted while keeping their catches? Why is any form of triangulation or GPS necessary? Couldn't the AR function have simply operated on a local scale, generating Pokemon based on local feedback algorithms, without that data needing to be sent to a remote location?
7. "If you register to create an Account and any bugs, errors, or other incidents or problems are found in the operation or development of the Services, we may share your (or your authorized child’s) PII with TPC and/or TPCI if such collaboration is required to investigate, diagnose, correct, and/or resolve the issue."
Why can't they just use normal bug report systems, and not use any personally identifiable information in the process?
8. "We may engage third party service providers to work with us to administer and provide the Services. These third party service providers have access to your (or your authorized child’s) PII only for the purpose of performing services on our behalf and are expressly obligated to secure your (or your authorized child’s) PII and not to disclose or use your (or your authorized child’s) PII for any other purpose."
Why is Niantic giving our information away to third parties for such a purpose at all? What "services" are those third parties performing, and who are they? What guarantee is there that the "obligation" will ensure reasonable security of our information?
9. "We may share aggregated information and non-identifying information with third parties for research and analysis, demographic profiling, and other similar purposes. This information will not include your (or your authorized child’s) PII."
Aggregated information, combined with demographic profiling, can act as a form of personally identifying information. Those are things that can be used to at least partially recognize someone.
10. "Information that we collect from our users, including PII, is considered to be a business asset. Thus, if we are acquired by a third party as a result of a transaction such as a merger, acquisition, or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your (or your authorized child’s) PII, may be disclosed or transferred to a third party acquirer in connection with the transaction."
So basically, there's the potential that anyone in the business of doing so could access all of that data 10 years from now...
"In the event of such a transaction, we will give you notice of the transaction and the opportunity for a period of 30 days to refuse disclosure or transfer of your (or your authorized child’s) PII to the third party acquirer in connection with the transaction."
What if no one is paying attention any more by the time it happens?
And finally...
11. "Following termination or deactivation of your (or your authorized child’s) Account, Niantic, its clients, affiliates, or service providers may retain information (including your (or your authorized child’s) profile information) and user content for a commercially reasonable time period for backup, archival, and/or audit purposes."
How long is a "commercially reasonable time"? That's a pretty indefinite amount. And why would it be backed up, archived, or audited? If it's being deleted for this purpose, it shouldn't even be allowed to exist anymore.
Wall of text, I know... But I have so many questions, and so few answers.
Is that original or fixed update permissions?
@MadAdam81 They were last updated on July 1, 2016, so probably the original release version.
@PlywoodStick wow, that might as well be a whole article on nintendolife.
@Danny429 It's more like a laundry list of questions I would ask if I could. I wouldn't get the full, real answers unless I were one of them. Too much classified info.
Thomas, it's Pokémon with a é. Not your backwards version
Show Comments
Leave A Comment
Hold on there, you need to login to post a comment...