Android Bug Causes Privacy Nightmare for Harry Potter: Wizards Unite Players
Mon, April 19, 2021

Android Bug Causes Privacy Nightmare for Harry Potter: Wizards Unite Players

The recently released Harry Potter: Wizards Unite, an AR game similar to Pokémon GO, is "quietly casting another spell" / Photo by: Jaggery via Geograph

 

The recently released Harry Potter: Wizards Unite, an AR game similar to Pokémon GO, is "quietly casting another spell." Video game website Kotaku published an investigation concluding that the game has been collecting a significant amount of user data—even when the players weren't playing at all. The investigation showed that mobile AR game creator Niantic gathered and stored more location data from people playing Wizards Unite than it did for Pokémon GO.


The Game

Wizards Unite isn't as big as Pokémon GO is, but it still managed to rack up millions of downloads and maintain concurrent users. According to CNET, a tech news site that publishes reviews and news on technology, Wizards Unite was built on the same technology and has the same gameplay as Pokémon GO where players walk around in the real world and follow the game's map on their phone.

It is a story-driven game wherein users play as a member of the Statute of Secrecy Task Force tasked to contain chaotic magic flipping both the magical and non-magical worlds over. Just like Pokémon GO, Wizards Unite also has combat situations, varied locations, and frustrating battles.

Wizards Unite isn't as big as Pokémon GO is, but it still managed to rack up millions of downloads and maintain concurrent users / Photo by: Max Pixel

 

Even though they are built with the same technology, the Harry Potter-inspired mobile game "really feels like a new game and not a re-skinned Pokémon GO," CNET says.

"In fact, we think Harry Potter: Wizards Unite beats Pokémon GO every way but one," the tech news site adds. That "one" is the fact that the story it was based on has such an expansive story—from the books to the movies until the recent spin-off of “Fantastic Beasts.” This makes the experience trudge a long way to create the "charm and richness of Harry Potter's magical world on your phone."

With the fact that Wizards Unite is an immersive AR game that requires players to walk around, it's not surprising that it collects data from the players' phone. But the problem comes from the frequency and amount of location data that the game collects.

Kotaku's Exposé

On Wednesday, Kotaku published an extensive investigation into Niantic's gathering of data from its recently released game.

The video game site found that when using Wizards Unite—or Pokémon GO or any Niantic app—the AR creator documents and stores every move users make by up to 13 times a minute. Some players know that the apps record their location data, but they are still surprised when they find out just how much data was collected from them.

Wizards Unite asks players permission to track their movement using their phone's GPS, Wi-Fi, and mobile cell tower triangulation. Kotaku asked European players to share all the data they got from Niantic, which the users requested for. The game creator obliged to the request under the European digital privacy legislation that provides EU citizens more control over their personal data.

"The files we received contained detailed information about the lives of these players: the number of calories they likely burned during a given session, the distance they traveled, the promotions they engaged with," Kotaku said, noting that each request also had a large file of timestamped location data presented as latitudes and longitudes.

"On average, we found that Niantic kept about three location records per minute of gameplay of Wizards Unite, nearly twice as many as it did with Pokémon Go," Kotaku added.

A Bug in the System

After analyzing more than 25,000 voluntarily shared location records, Kotaku also found that Niantic recorded a player's location data nearly every hour of the day. This suggests that the game was gathering the user's data and sharing it with Niantic even when they weren't playing it.

The video game site asked Niantic about this finding, to which the game creator initially said that the finding might be faulty since the game was said to cease data collection while backgrounded.

But upon providing the game developer with additional information of that player, Niantic said they had identified the problem: a bug.

According to the firm, their engineering team "did identify a bug in the Android version of the client code that led it to continue to ping our servers intermittently when the app was still open but had been backgrounded." It added that the bug has now been patched.

Niantic's extensive data collection provided the company with the ability to discern the players' behavior and even intimate details about the users' life. Analyzing these patterns of individual behavior would allow them to identify where the players work, study, live and even plot the routes users take to go home.
Niantic describes itself as a company passionate to get gamers up on their feet and play in the streets. This is evident in their AR games that encourage players to interact with the real world while staying connected in the virtual one.

But such innovations would always come at a price, one that can affect a user's life. The fact that there are companies like Niantic that partly thrive on user data should be a concern for everyone who is constantly logged online because even with noble intentions, gathering such kind of information can be a red flag for ordinary people.

After analyzing more than 25,000 voluntarily shared location records, Kotaku also found that Niantic recorded a player's location data nearly every hour of the day / Photo by: Topher McCulloch via Flickr