Some of the most popular mobile games in the Google Play and Apple App stores collect user data at an alarming rate, according to a recent study conducted by Dutch cybersecurity company Surfshark.
Call of Duty, Candy Crush, and Pokemon GO have been identified as the worst offenders, sending large amounts of personal data back to the company. These apps collected various info, ranging from location to fitness data. This information is then sold on as information to be used by third-party advertisers.
Surfshark tested the applications on 23 different data types to see which apps accessed personal data. The company then created a ranking of “data points” to see how extensively the applications drew user data from these different data types. On average, most apps ranked 12 data points. The top three most data-hungry applications, however, collected 16 data points.
Call of Duty and Candy Crush, with over 100 million and 1 billion downloads respectively, were by far the least secure applications and were ranked the largest users of personal data. Most commonly, applications accessed product interaction, advertising data, purchase history, and location.
In-game purchases and (lack of) supervision
78% of the applications tested by the cybersecurity group accessed user data, which was passed on for third-party advertising. The only tested applications that were found to not do this are Minecraft and Roblox, which the company described as “safer choices” in terms of privacy.
Another worrying trend is the amount of “in-game purchases” used in major games: users can pay real-world money to gain certain advantages or cosmetic changes within the game. In the hands of unsupervised children, however, this can lead to enormous bills charged to family bank accounts.
Some families report having their bank accounts drained by children who spend huge amounts on microtransactions in mobile and console video games.
In-app purchases are available in both the Minecraft and Angry Birds mobile apps. Roblox can also allow for in-game purchases of thousands of euros without proper parental supervision.
“Gaming is an important part of daily life for many people, including children. It is self-expression and socialising,” said Agneska Sablovskaja, data researcher at Surfshark.
Surfshark noted that Call of Duty attempts to entice its market – which is mostly children – with limited-time offers and pressure tactics. Indeed, it is mostly children who are being targeted with third-party advertising and data collection.
“Game creators have their own interests in mind, which is not only for the players to enjoy the game but also to buy additional packages for an enhanced experience. Gamers should remember they are subject to various advertising techniques and their freely disclosed data is used to target them,” Sablovskaja added.
Age ratings, the company also warns, do little to dissuade their use by children or reduce exposure to targeted advertising. Call of Duty, for example, has an age rating of 17+ on the App Store, however it is played by 100,000 six to ten year-olds in the UK alone. Fifa, available to children ages 3 and up, has in-app purchases of as high as $100.
The use of in-game micropayments and “loot boxes,” a form of watered-down gambling aimed at children, has recently come under the spotlight in Europe. 20 consumer groups from 18 countries are now calling for action against loot boxes, which they describe as “predatory” and “fostering addiction.”