Startup Cyber Insurance
Privacy concerns over the use of a fun new game are not high among many users who by and large may not read the fine print of terms of use and the game’s privacy policy. The manner in which the game is subscribed to via the use of an existing social media account for authentication purposes permits the sharing of personal information. I call this ‘cross-identification’. This all is under the rubric of making sure the user is who he or she says they are and for security reasons as well. The concern that emerges is the extent of access that a game may receive unbeknownst to the newly subscribed gamer.
While there are concerns that will be addressed later, the benefits are for the immediate gratification of access and ease of use. The designers of the game believe that the easier it is for the player to sign-up the more the game will be accessed. The designers use the vehicle already provided by the authenticating credentials that reside in the player’s smartphone. By using the method, the subscriber does not have to establish a new account. The broader view of this benefit also causes security minded individuals to imagine a centralizing source of credentials that all soon to be subscribed games, apps, programs, you name it, will just resort to in order to prove who actually is the subscriber. That centralizing source will house and collect subscriber’s device identification, operating system, location information, personal settings and use information of the device.
This concern arose with Pokémon Go’s success as reported by the Guardian, that it caught Congress’ attention. The concern actually raised by Senator Al Franken was the extent of data that the game would be collecting on the subscribers, which would include children. What lurks is the possibility of the data being used in ways undisclosed. The reasons for the information collected as well is important to discern. In a letter from Senator Franken, the Senator voiced his concern over the extent and need for the collecting and using and sharing of players/subscribers private data and if there has been appropriate informed permission to do so. These concerns were sent to the developer of Pokémon Go game.
Games and Apps have privacy policies that state their sharing protocol but seldom do the subscribers learn to whom their personal information is given and the purpose for the sharing. The creeping issue is the matter of how to deal with rogue apps that can be nefarious especially once infiltrating Google’s app store. The would-be gamer seeking a game may subscribe to a rogue game that extracts the gamers personal information and beyond as unknowingly full access is given to the users Google account as he or she is setting up the game on their iOS device.
To this day, rogue apps are getting harder to identify as they share information by being able to gain full access to accounts on user devices. With cross-identification, the adage that a chain’s strength is determined by its weakest link may hold true where an email account can serve as a way into a user’s personal treasure trove identifying information. How that Google linkage for subscription serves a viable vehicle for external and or internal intruder to pierce the veil of a network to garner email information, and the valued token that allows for the linking and user information to be transacted.
Related News
