Mobile computing, gaming and the EULA privacy concerns

Chris Boyd, a researcher at GFI Labs, had been analyzing ‘advergaming’, the relatively new practice of embedding adverts in online games. Users have accepted these adverts – it says so in the EULA – if they play the game. The problem is that EULAs, always a problem to read on PCs, are almost impossible to read on games consoles. Take Blacklight on the Xbox 360. There was a splash screen, now removed, discussing the in-game advertising and the information collected by the company. Boyd points out that it was only on screen for about 6 or 7 seconds, could not be copied, could barely be read, and included a link to a privacy statement “that would be tricky enough to type out on a PC without the ability to copy/paste – here, on a static splash screen that you can’t interact with, there’s little chance of catching it.”

The problem is even worse on mobile devices. Boyd analyses the privacy policy for Tetris by Electronic Arts via Google Play. “There’s roughly 5,000 words in there – that’s a lot of text for a PC user to get through; imagine trying the same thing on an Android device.” But it gets worse. In the consent to use data section, it states that both EA and other third parties “may use web beacons, cookies and other types of analytic technologies to collect, use, store and transmit non-personally identifiable game play data, session data, browser identifiers and carrier information amongst other things.”

Those third parties are presumably the ad-serving companies listed in section three – all 35 of them. But the EULA states that users not wishing to review the privacy policies of the companies listed and linked (a non-exclusive list at that) should not install the application. Boyd went on to ‘tally up a word count’ on these privacy policies. His ‘rough estimate’ is a total of 83,808 words. That’s a small novel, or “somewhere in the region of 170 pages of a Microsoft Word document, perhaps?” Reading this would be difficult enough on a PC, “on a mobile, forget about it,” he adds.

In reality, users simply don’t know what they are agreeing to when they play a game: digital volume has replaced physical small print in contracts.
