Pokemon GO: What appmakers can learn from the craze

As Pokémon GO takes the mobile—and very real—world by storm, there are lessons to be had for developers, explains privacy expert Linnette Attai.
July 14, 2016

It’s a marketing phenomenon, and according to Hideki Yasuda, an analyst at Ace Research Institute in Tokyo, a social phenomenon, too. It’s Pokémon GO, and unless you’ve been taking a tech break for the past week, you know that it is the game to play right now.

No doubt, companies around the globe are thinking about how they too can create their own augmented reality craze.

Of course, as with all innovation, the launch of Pokémon GO hasn’t been without hiccups, so before you decide to catch the AR wave with your own product, here are some things to keep in mind:

Privacy please

The Pokémon brand has been in the kid space for awhile.  The Pokémon Company and Nintendo know privacy regulations and apply them. The privacy policy for Pokémon GO explains what information they collect and how they use it. There’s also no real mystery to what device applications are needed in order for the game to work.

However, there was a permissions issue that surfaced when users signed in with a Google account. The fix required a patch update, which was implemented quickly, but not before the press started talking about scary security issues.

When it comes to mainstream press, there seems to be no such thing as a story about good data privacy practices. That doesn’t sell. If your product has scale of any kind, know that it will be under the microscope when it comes to issues of privacy. Be sure your house is in order. Test your product thoroughly, inside and out. Measure twice, cut once. Be sure that the only thing users, parents, legislators and the press have to focus on is the innovation factor.

Security is not privacy

Privacy generally refers to what data companies collect and why, how they use it and what rights individuals have around their data. Security refers to how that data is protected and maintained. They are distinct but related disciplines.You can’t have one without the other.

The glitch with Pokémon GO was related to permissions: privacy. No one (except the press) was suggesting that there was a security incident. Why does this matter? Because you need both, and because there are different compliance concepts and constructs for each. (And because when responding to the press, you may want to set the story straight.)

While you’re taking care of your data privacy and security responsibilities, don’t forget about user safety. Far too often I see companies create products and get everything right on data privacy and security, and they think they’re home free. Companies need to anticipate potential safety risks to their users and protect against them. It’s especially important when kids are involved.

At their best, location and social sharing make for incredibly rich community experiences. At their worst, they can create risk for users. If you’re thinking about collecting location data or creating a shared user experience, privacy, security and safety must all be part of the equation.

It may be augmented reality, but it works in the real world

Users may have their eyes on the screens, but they’re still here with the rest of us. One challenge for the developers of Pokémon GO is that users can suggest locations for PokeStops. For some sites, this will be a marketing bonanza, but for others, it’s an unwelcome distraction (or worse).

Keep in mind that when developing, your product may reach beyond the screen. How it works in the real world, and how those not playing may be impacted by those who are, may end up being what matters most.

When it comes to how users will engage with a product, there’s only so much that companies can control. Companies can design a product with the best of intentions and do it all right, but still can’t predict what happens when it gets into the hands of users. Anticipate as much as you can and protect against that. Create a strong compliance infrastructure around your innovation, then GO!

Linnette Attai is the founder of PlayWell, LLC, a compliance consulting firm that guides companies in the US and overseas through the regulatory and self-regulatory environments surrounding digital and mobile privacy, user safety, security, product development, content, advertising and marketing. 



About The Author
Linnette Attai is the founder of compliance consultancy PlayWell, LLC, which guides companies through regulation and industry self-regulation surrounding digital and mobile privacy, user safety, security, product development, content and marketing. You can contact her at linnette@playwell-llc.com.



Brand Menu