

Pokémon and permissions


How many things can you find wrong with this image? It's the very first screen you see when you open the PokémonGO app for the first time.

First screenshot of PokemonGO

1. Asking for location immediately upon first launch

Almost by definition, immediately upon launch the user can't possibly have any context or understanding of what an app does or why it needs access to certain information or sensors on a device. In fact, I would hope that the OS provider, in this case Google, would just automatically deny such requests, or detect this in an automated fashion during market review and reject the application. Permission requests should happen in response to user actions, when they're trying to use a particular feature. Immediately on first launch is never such a time. (You might think it's obvious to the user that location will be used -- that was how I knew to allow this first permission -- but I wager it's not obvious to every user who hears about this new game.)

2. No explanation or context

Many apps don't do as good a job as we'd like at explaining how data will be used at the time of its request. But this is literally as little information as you can provide: a completely black screen. (Quick: what's the name of the company that is requesting access to this information? Why do they need it? How long will they keep the data? With whom will they share it?)

Google is unfortunately inconsistent on this point in their documentation to developers. While best practices suggest that you explain a permission before you ask, they also provide a utility function to make it easier to only provide that rationale if the user has already denied permission on a previous request: shouldShowRequestPermissionRationale(). In this author's opinion, that function should simply always return true.

3. Bundled, modal permission requests

"1 of 4", really? This is an interesting example of trying to re-create install-time permissions even though Google has explicitly made these into run-time permissions in Android 6.0. Forcing the user to grant or deny permissions before the app will show a single screen to indicate it's even working regresses to making the choice appear all-or-nothing: you have to give up permission, it seems, before using the app. Relatedly, these are _modal_ dialogs: the user has to make a decision before doing anything else. The user doesn't know the implications of the decision or whether she can change her mind later, and can't use the app in the meantime to investigate why the permission is requested or what its implications might be. Bundling them together into a longer list fatigues the user: how many detailed decisions about data access will the user make (all without any context of functionality or data practices, remember) before being able to finish the task the user engaged in, to launch the game? (This would make for a good user test: when presented with a long list of permissions, at what point do users stop reading? Do most users throw up their hands and start clicking ALLOW or get increasingly annoyed and tap DENY?)

Again, I would prefer if my operating system disabled this functionality to start with. Ask me for three or more permissions simultaneously? Automatically denied. If your app is indeed so special that it requires several different sensors or data sources before any feature can be used (I cannot think of a single category of application that meets this requirement, but I'm open to the possibility), then it apparently requires an introductory walkthrough to explain itself.

(I can't remember what the three additional dialogs were any more, but they probably included access to the contacts database and files/media on the device. Anyway, you can and should DENY access; the game works just fine without them.)

Ask for permission in context

This list is really about the ways that the PokémonGO app goes against the basic privacy design pattern of asking for permission in context. Like all patterns, this won't always be the appropriate solution, but I believe it to be a useful guide. Ask the user for permission when the functionality they're using calls for it: your request will be more easily understood. As a result, you shouldn't need to ask for several permissions at once, or ask for permissions before running an app, or block the user from doing anything else before answering.
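As an added illustration (not code from PokémonGO or from Google's documentation), here is one way an Android activity could follow this pattern and the "always explain" position from point 2: nothing is requested at launch, a single permission is requested when the user taps the feature that needs it, and the explanation is shown every time regardless of what shouldShowRequestPermissionRationale() would return. It uses the AndroidX Activity Result API and a Material Snackbar; the activity, layout and view IDs are hypothetical.

```kotlin
import android.Manifest
import android.content.pm.PackageManager
import android.os.Bundle
import android.view.View
import android.widget.TextView
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity
import androidx.core.content.ContextCompat
import com.google.android.material.snackbar.Snackbar

// Hypothetical names: NearbyActivity, R.layout.activity_nearby, R.id.find_nearby,
// R.id.status. ACCESS_FINE_LOCATION must also be declared in AndroidManifest.xml.
class NearbyActivity : AppCompatActivity() {
    private val permission = Manifest.permission.ACCESS_FINE_LOCATION
    private lateinit var status: TextView

    // One launcher for one permission: no "1 of 4" sequence of dialogs.
    private val askForLocation =
        registerForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
            if (granted) showNearby() else showWithoutLocation()
        }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_nearby)
        status = findViewById(R.id.status)
        // Nothing is requested at launch; the request waits for the feature.
        findViewById<View>(R.id.find_nearby).setOnClickListener { onFindNearby(it) }
    }

    private fun onFindNearby(anchor: View) {
        val granted = ContextCompat.checkSelfPermission(this, permission) ==
            PackageManager.PERMISSION_GRANTED
        if (granted) { showNearby(); return }
        // Explain on every request, not only when
        // shouldShowRequestPermissionRationale() returns true. The Snackbar is
        // non-modal, so the rest of the screen stays usable while it is shown.
        Snackbar.make(anchor, "Finding things nearby uses this device's location.",
                Snackbar.LENGTH_INDEFINITE)
            .setAction("Continue") { askForLocation.launch(permission) }
            .show()
    }

    private fun showNearby() { status.text = "Searching near you" }
    // Denial is a valid answer: keep the feature usable without the sensor.
    private fun showWithoutLocation() {
        status.text = "Location is off. Enter a place name to search instead."
    }
}
```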

In general, that in-context model has been how the Web has treated permissions: as non-modal, just-in-time requests; an "ask when you need it" approach. I hope it stays that way! As Robert noted in 2011, some apps (he calls them "greedy" and "lazy") will try to turn run-time permissions into bundled, install-time permissions; we should ask them to do better.

Disclosure: I'm totally enjoying PokémonGO and playing it not just because I want to explore how a location-based alternate-reality game has an effect on values such as privacy and in-person interaction. My trainer is Level 10, I've caught and seen 44 in my pokédex and my strongest pokémon is a Kingler (CP 570). Go Team Mystic.