A range of studies have shown that popular games are sending data to multiple third-party entities, and even the developers concerned may not know what data is being sent to whom.
Angry Birds, for example, knowingly sends advertising data to 43 entities, but developer Rovio turned out to be unaware of additional data sent through third-party SDKs …
A lengthy Vox piece summarised the problem.
Privacy policies are typically vague, referring to things like ‘gameplay data,’ but this isn’t necessarily as innocuous as it sounds.
The way mobile games collect information about their users, and the details of what type of information they’re collecting, remains incredibly opaque. To some extent, Rovio and its peers may not even know exactly what they’re collecting about their users or how the data is being exploited, thanks to the way software has evolved in the smartphone era. Mobile games are full of other companies’ code, a more efficient way of creating something cheap and functional and cute than building it from scratch.
Although the data captured by popular games is said to be anonymised, that isn’t necessarily true in practice.
The intricacies of gameplay data can tell you a lot about what makes people tick, and what’s going on with them — studies have shown that you play games differently when you’re depressed, or dieting. “Nobody gets too upset about games,” says University of Toronto researcher David Nieborg. “But the underlying technology is really powerful. These people are really pushing the technology to the limits where the potential for abuse is massive.”
Rovio was given as an example of a developer which aims to be transparent about the data it captures, but was unaware of ad-related SDKs in its code.
To be fair, most data captured by apps is used for perfectly innocuous purposes, like serving ads tailored to your interests and helping developers understand which app features are most popular. It’s possible to get carried away with scare stories here.
A spokesperson for Rovio tells Vox that Rovio games use only the resettable advertising IDs provided by Apple and Google, and don’t include third-party advertiser software development kits, but the recent Berkeley study said otherwise. I ask Reardon to double-check, and he sifts through the source code of the latest version of the Angry Birds flagship app. Just as before, he finds several third-party software development kits, including those for Facebook and Vungle.
When I ask Rovio again, a spokesperson revises. The company has “always preferred” to use more transparent server-to-server connections rather than include third-party software development kits directly in their games, but that’s “not an option that is always available nor possible.”
At the same time, it’s absolutely fair to say that current data capture practices are far from transparent, and that some of the data snaffled by popular games could be misused by a developer (or hacker) if it wished to do so. Best practice is always to minimize data capture in order to reduce the risk of either inadvertent disclosure or deliberate abuse.
The full piece is worth reading.
Photo: Shutterstock
