What price do we pay to play our favorite games?  Especially the “free” ones?

Privacy.  It’s not that we don’t value it.  We do; we treat it as currency.  And it’s sobering how lavishly we spend it.

I just sampled the permissions requested by the following apps on my Android phone or tablet:

Ingress  Unblock Me FREE 
Pandora Slice It!
Angry Birds  Flow Free
Bubble Blast 2

Except for Pandora, a music-streaming service, all are free games.  Some support in-game purchases but I am disregarding that.

Here are the permissions they require, in aggregate:

  • access Bluetooth settings
  • add or modify calendar events and send email to guests without owners’ knowledge *
  • approximate location (network-based)
  • change network connectivity
  • change your audio settings
  • connect and disconnect from Wi-Fi
  • control vibration
  • find accounts on the device
  • full network access
  • install shortcuts
  • modify or delete the contents of your USB storage
  • pair with Bluetooth devices
  • precise location (GPS and network-based)
  • prevent device from sleeping
  • read call log
  • read Google service configuration
  • read phone status and identity
  • read sync settings
  • read sync statistics
  • read the contents of your USB storage
  • read your contacts
  • receive data from Internet
  • retrieve running apps
  • run at startup
  • toggle sync on and off
  • use accounts on the device
  • view network connections
  • view Wi-Fi connections

* – I uninstalled the one that needs to be allowed to do that.  ~~shudder~~
For some of these games, some of these permissions make sense.  Obvious example: Ingress is simply not going to “do what it says on the tin” if it cannot know your exact location.  On the other hand, what the heck does a simple cutting-puzzle game like Slice It! need with my phone’s call history?
Not to mention, the fact that a given permission seems aligned with the game’s function does not mean that is the only use to which that info is being put.  Imagine if all of the information in the listing above were being compiled in one building.  We’d think that was the NSA and we were on some terror watch-list.
How different is the situation here?  If a game manufacturer can’t use this info themselves, they can surely find a buyer for it.  And yes their privacy policy might say that they won’t sell your individual information but I have found most of them do allow the resale of the information they collect if it’s aggregated and “anonymized.”  Except, as you can see here and here and many more places, anonymization is laughably easy to reverse.  Not to mention, the buyers of your information might have a looser privacy policy than the original collector.  Or they might have none at all.
I’m not saying, don’t play free games.  Or even don’t use a smartphone, which really has all the same issues.  I’m saying, be aware of what you’re paying for those things.