Privacy Concerns and Behavior of Pok´emon Go Players in Germany

. We investigate privacy concerns and the privacy behavior of users of the AR smartphone game Pok´emon Go. Pok´emon Go accesses several functionalities of the smartphone and, in turn, collects a plethora of data of its users. For assessing the privacy concerns, we conduct an online study in Germany with 683 users of the game. The results indicate that the majority of the active players are concerned about the privacy practices of companies. This result hints towards the existence of a cognitive dissonance, i.e. the privacy paradox. Since this result is common in the privacy literature, we complement the ﬁrst study with a second one with 199 users, which aims to assess the behavior of users with regard to which measures they undertake for protecting their privacy. The results are highly mixed and dependent on the measure, i.e. relatively many participants use privacy-preserving measures when interacting with their smartphone. This implies that many users know about risks and might take actions to protect their privacy, but deliberately trade-oﬀ their information privacy for the utility generated by playing the game.


Introduction
The location-based augmented reality (AR) smartphone game Pokémon Go (cf.Fig. 1) is amongst the most successful smartphone applications of all time and led to a major increase in public awareness about AR [26,32].The game has broken several records [44] and it was shown that its users develop a strong attachment to the game [30].Pokémon Go poses relatively strong privacy threats compared to other smartphone applications, due to the AR functionalities and the location-based nature.There is almost no research on privacy issues with regard to AR technologies [21].Thus, we investigate privacy concerns about organizational information privacy practices and privacy-related behaviors of active Pokémon Go players in Germany.Three research questions arise: First, are privacy concerns a relevant issue for Pokémon Go players and do they differ in magnitude between different groups of players?Second, is there a relationship between the different dimensions of privacy concerns and the actual use behavior?Third, what are active players doing to protect their privacy on their smartphone?Fig. 1: Pokémon Go on iOS [5] The success of Pokémon Go [50] allows it to address these questions for an AR technology based on a large scale user study for the first time.Understanding the heterogeneous perceptions on privacy is necessary since many experts predict that AR will become one of the next big technological innovations with a massive market potential [8,25].Privacy aspects are especially important for AR because of its pervasiveness associated the advancements of wearable AR technologies (e.g.head-mounted displays).This leads to a situation where the user is continuously provided with context-sensitive information about her or his environment [19].This, in turn, makes it necessary to continuously gather and process all kinds of data.Privacy violations can happen to actual users of a system -due to the increasing collection of several different data types [25] -or to the users' direct environment.The case of the social environment could be observed in the past for Google Glasses with several reports about angry civilians who had the feeling of being filmed by the wearer and bars which prohibited entry when wearing the glasses.This partly led to the failure of the device in the consumer market [49].This case emphasizes the need to understand privacy concerns and behaviors of users in respect to AR technology even more.We investigate the privacy concerns based on a sample of 683 active players of Pokémon Go in Germany.The results indicate that privacy concerns are relatively strong throughout different demographic groups (cf.Table 1).This is a surprising result, considering that the participants are all active players of the game.Thus, in the second stage of the research, a second online survey with 199 participants is conducted to figure out specific measures how players protect their privacy.
The remainder of the paper is structured as follows.A brief background on Pokémon Go, AR and related work on privacy is given in Sect. 2. The methodology is described in Sect. 3 and the results are presented in Sect. 4. In Sect. 5 results and their limitations are discussed.Section 6 concludes this work.

Theoretical Background
In the following part, we provide theoretical background on Pokémon Go, augmented reality and the current literature on privacy.

Pokémon Go and Augmented Reality
Pokémon Go [3] is a location-based augmented reality (AR) smartphone game developed by Niantic, a former Google owned company [3,31].Many people see Pokémon Go as the unofficial successor of Ingress [2], another location-based smartphone game, also developed by Niantic.Up to now, no homogeneous opinion, of whether Pokémon Go matches all criteria of AR is formed.However, there is broad agreement that it is a first important step towards AR [17,20,27,28].Thus, we approach Pokémon Go as an AR application for the course of our research.
AR is defined in multiple ways, whereas the definition by Azuma et al. [4, p. 34] provides a comprehensive understanding of the technology.They define AR in a way that "[...] an AR system [...] combines real and virtual objects in a real environment; runs interactively, and in real time; and registers (aligns) real and virtual objects with each other".The differentiation towards virtual reality (VR) is currently not always done in the public discussion.Milgram et al. [29] illustrate the dimensions of mixed reality (MR) based on a x-axis (cf.Fig. 2).Based on this, it is important to distinguish whether the environment is real (AR) or virtual (VR).Up to now, research on AR mainly focused on technical aspects and not on the user behavior [21,43].Since AR is expected to be one of the upcoming technologies [8], it is important to investigate user behavior and privacy issues.

Privacy and the Privacy Paradox
The definition of privacy in the literature consists of a variety of different perspectives [6,39].An often cited definition is given by Warren and Brandeis in 1890.They say that privacy is "the right to be left alone" [48].In the context of this paper, the privacy definition provided by Culnan [10, p. 344] is used, where "privacy is the ability of an individual to control the access others have to personal information".The notion of control plays a crucial role in the privacy literature [7] and for the concerns about organizational practices.Thus, we choose this definition for our research context.Previous literature shows that privacy concerns play an important role for the usage of internet services.For example, Tang et al. [45] argue that retailers can improve privacy and trust if they send clear signals that they will protect the privacy of the customers.Culnan and Armstrong [11, p. 107] provide a framework where users provide their personal data willingly, if they perceive the firm's information processes as "fair".Fair means in this context that these processes "provide individuals with control over the disclosure and subsequent use of their personal information".Differences in privacy behavior with regard to demographics [10,11,38,46] and cultural differences [14] are investigated in previous literature as well.But it is shown that the majority of literature focuses on student samples based in the United States [6].In summary, it can be stated that privacy plays an important role for the usage of online services.However, it is important to mention that "privacy concern is only one of a number of factors affecting Internet and e-services use" [16, p. 51].
Closely related to the discussion on privacy concerns and behavior is the so called "privacy paradox".This phenomenon describes the divergence of the actual behavior of users compared to the stated attitudes when dealing with privacy issues [1,9,33,41].The privacy paradox is a well-known topic in information systems research.Spiekermann et al. [41] experimentally show that participants reveal a multitude of information, which enables providers to construct a detailed profile during an online-shopping tour, although they stated to be concerned about their privacy before the experiment.The paper by Berendt et al. [9] is built on the previously mentioned paper and shows the existence of the privacy paradox by using an e-commerce experiment, too.Acquisti and Grossklags present another point of view on the privacy paradox.They show that while people have high standards regarding their privacy attitudes, their decision process is influenced by psychological factors like "incomplete information, bounded rationality and systematic psychological deviations from rationality" [1, p. 29].These limitations lead to a trade-off of "long-term privacy for short-term benefits" [1, p. 24].Norberg et al. [33] investigate why this divergence of actual behavior and attitudes towards privacy exists.The results support the hypothesis that risk perceptions of users when disclosing personal information influence the intentions to provide personal information.However, the second hypothesis about the effect of trust on the disclosure behavior could not be confirmed.
In summary, it is important to recognize that people do not always behave in the way they state that they would do.Therefore, all results that deal with attitudes of users, in particular regarding to privacy, have to be treated with caution if the goal of the research is to make valid statements for decision choices.Thus, we include the second survey on the actual privacy measures in this work.

Methodology
The methodology presents the design and data collection of the first and the second survey.The second survey on actual privacy related behavior was conducted after we conducted the first one on privacy concerns.

Questionnaire
Survey I We conducted the study with a German panel, thus all items had to be translated into German.As we wanted to ensure content validity of the translation, we followed a rigorous translation process [47].First, the English questionnaire was translated into German with by a certified translator (translators are standardized following the DIN EN 15038 norm).Afterwards, the German version was given to a second independent certified translator who retranslated the questionnaire to English.This step was done to ensure the equivalence of the translation.Third, a group of five academic colleagues checked the two English versions with regard to this equivalence.All items were found to be equivalent.In a last step, the German version of the questionnaire was administered to students of a Masters course to check preliminary reliability and validity.
Privacy concerns with regard to organizational information privacy practices are represented by the variables pcollection, errors, unauthorized secondary use and improper access.As these variables cannot be measured directly (latent variables), they have to be operationalized in order to quantify the concerns via a user study.We choose the privacy constructs by Smith et al. [40], as they are widely tested with regard to validity and reliability (cf.Stewart and Segars [42]).The constructs are built by calculating mean sum scores of the single items belonging to the respective construct (cf.Appendix A).Collection is defined as the concern of people that too much data about them is collected over time.Errors represent users' concerns about inaccurate or false personal data in databases.Unauthorized secondary use measures the concern that personal data is used for another purpose than initially disclosed without the user's authorization.Improper access captures concerns about unauthorized people having access to the user's personal data [40, p. 172].
Survey II The questionnaire of the second survey covers questions about actual privacy protecting measures, which active Pokémon Go players undertake.The questionnaire contains the same demographic questions about age, gender, education and smartphone experience, as well as actual use behavior of Pokémon Go as the first survey.The steps are derived from internet search [18], as well as valuable feedback from colleagues.Measure 1 (M1) asks about whether users turn off services that potentially collect location data.Measure 2 (M2) deals with the use of a separate e-mail address used only for games.Measure 3 (M3) specifies this furthermore and asks about the use of different e-mail addresses for games and social network sites (sns).Measure 4 (M4) asks the participants whether they review which applications can access other accounts (e.g.Facebook).Measure 5 (M5) asks whether users reset the advertising ID on their phone and measure 6 (M6) deals the camera access rights of Pokémon Go.All measures are formulated as statements and could be answered with "yes", "no", "sometimes" or "I don't know".The specific questions can be found in Appendix B.

Data Collection
Survey I In order to ensure high quality of the sample, a certified sample provider (certified with ISO 26362 norm) was employed to get access to their online panel for Germany.By focusing on German users of the game, we could address two potential problems.First, country-specific differences in privacy concerns are eliminated and controlled.Second, by focusing on one country, we could gather a relatively large data set.The survey itself was administered with LimeSurvey (version 2.63.1) [37].The panel provider distributed the survey's link to 9338 participants until the aimed sample size of active players was reached.Of 9338 approached participants, 683 active Pokémon Go players remained, excluding participants who dropped out due to wrong answers to test questions and age restrictions (data was only collected for at least 18 year old participants).Table 1 presents summary statistics for this data set.Further information with regard to the demographics can be found in the paper by Harborth and Pape [22].
Survey II Since of the constructs in Survey I only provide information about attitudes and stated concerns, we wanted to consider actual use behavior with regard to privacy protecting measures.Because of anonymized answers in Survey I, we could not ask the same participants.In addition, we could not employ a panel provider as in Survey I due to limited resources.Thus, we created a very brief questionnaire (see Sect. 3.1) and administered it with LimeSurvey (version 2.63.1) [37].We distributed the link of the online survey in three Pokémon Go Facebook groups (Germany, Frankfurt and Munich).All groups are closed groups with approximately 30,000 members altogether.The questionnaire was online for 4 days and 238 users started it, whereas only 200 participants finished it.One participant's answers were deleted, because he or she stated to be younger than 18 years.Table 2 presents the summary statistics for this data set.

Demographics
Survey I Table 1 shows that the median age is 32 years and that there is a larger share of women than men in the sample.Furthermore, the secondary school leaving certificate1 and the A levels certificate2 are the most common educational qualifications.With regard to these demographics, it can be argued that this data set represents the German population to an acceptable degree.The smartphone experience has a median of 6 years.The privacy constructs have all at least a median value of 5.5, implying that most players agree to the statements made in the constructs' items.The actual use frequency has a median of 5 which stands for playing "several times a week".Improper access has a median of 6.333. 3urvey II The demographics of the second survey are slightly different to the first survey with regard to age, gender and smartphone experience (cf.Table 2).The participants of the second survey are 6 years younger with regard to the median age and there are slightly more men than women in Survey II.The users in Survey II have one year more smartphone experience.Although the users in both surveys say that they are active Pokémon Go players, the participants in Survey II state that they play Pokémon Go several times a day (median of 7) and players of Survey I state that they play it only several times a week.Apparently, the participants acquired through Facebook groups are rather heavy users compared to the ones acquired with the help of a sample provider.A self-selection mechanism could explain this difference.In these Facebook groups, players exchange information about new offers, versions and places to hunt for special Pokémons.This is especially interesting for highly attached players, which would indicate that those are rather heavy users.

Results
We present the results of Survey I and Survey II in the following sections.

Survey I -Privacy Concerns
The variables collection, errors, unauthorized secondary use and improper access are not normally distributed while actual use is normally distributed according to the Shapiro-Wilk test for normality.In the first part of the empirical assessment, it is investigated whether users' privacy concerns and the actual use behavior (i.e.The threshold for age is not clearly determinable because there are two rationales for dividing the data which are highly interesting to investigate in the context of privacy.The first approach is a median split, a commonly used technique for forming categorical variables in statistics [24].This has the advantage of comparing two groups, similar in size, based on the actual median of the used data set.This results in the groups of participants aged 31 and younger and participants aged 32 and older.A categorical variable is created where 0 stands for participants aged 31 and younger and 1 for participants aged 32 and older.One group contains 341 participants and the second one 342.The second approach deals with the notion of "digital natives" (DN) versus "digital immigrants" (DI) [35].Since there is a vivid discussion on whether the notion of DN is substantial [23], it is interesting in the context of privacy concerns to apply this threshold and investigate, whether it is true that DI are rather privacy sensitive and more concerned than the younger generation.A commonly named threshold for the oldest year of birth of a DN is 1980 [34].The resulting two groups contain 446 entries for DN (37 years old and younger) and 237 entries for DI.The median split approach is applied for experience since this is the most meaningful approach, with groups with smartphone experience less than or equal to 5 years and greater than or equal to 6 years.Education is divided into a group with participants without university degree (NU), comprising all participants whose highest educational qualification is the German Abitur (N= 487) and a group with 196 participants holding at least a Bachelor's degree (U).Table 3 summarizes the results for the statistical assessment of whether the group differences in mean values are statistically significant or not.
For collection there are only significant differences for the two different age groups.Users' perceptions of the errors construct differs between younger and older participants as well as between participants without and with university degree.Interestingly, the group comparison of unauthorized secondary use is different for the age groups.For the median split, there is no statistically significant difference in the evaluation between and older players, whereas there is one for the case of DN versus DI.The evaluation for this construct differs significantly between women and men.For the improper access construct, statistically significant differences are prevalent for age and gender.The variable actual use is homogeneous across the different characteristics of Pokémon Go players except for smartphone experience.The question of whether privacy concerns influence the use behavior is addressed in the second part of the empirical analysis.Due to the breakdown into four variables, it is possible to assess which kind of privacy concern exerts what kind of influence on use behavior.This question is addressed with a two-stage process (cf.Table 4).First, each privacy concern variable is treated as the independent variable in a simple linear regression model, with actual use behavior as the dependent variable.Second, a multiple regression model, containing all independent variables, is calculated in order to assess the effect of the different dimensions of privacy concerns on use behavior simultaneously.
The results of the regression analysis indicate that privacy concerns have no significant impact on the actual use behavior.Although there are statistically significant relationships, the effect sizes are rather small and therefore not relevant.In summary, the results about privacy concerns indicate that there are significant differences in the different dimensions of concerns between younger and older players.Furthermore, gender matters for two of the four dimensions.An additional regression analysis with the actual use frequency revealed no clear impact of privacy concerns, indicating that players might well be aware of privacy dangers and are concerned about it, but are still playing the game.Thus, although privacy is perceived as important, it does not affect the use of Pokémon Go.The game requires several more types of data compared to other smartphone applications due to its location-based and AR nature.This contrary result could be a case of the privacy paradox [33], where people state that privacy is important for them, but act in the opposite way.

Survey II -Privacy Behavior
The distribution of the answers on the privacy protecting measures are illustrated in Fig. 3.The number of participants who turn off services that collect location data is approximately the same as those who do not and those who sometimes do it.45% of the players use a separate e-mail address only for games and roughly the same number of players do not.The remaining users (10%) do it sometimes.The distribution for M3 (different e-mail addresses for games and sns) is almost the same as for M2.Interestingly, more than 65% of the Pokémon Go players review the access of applications to other accounts and only 10% do not.The remaining users undertake this measure sometimes.More than 80% of the users do not reset the advertising ID and only 10% do know about it at all.The majority of the players forbid Pokémon Go the camera access (60%) and 10% do it somestimes.The remaining participants do not forbid it.

Discussion
After we discussed the results of the two surveys independently of each other, we combine and interpret our results in the following part.After that, we discuss the limitations of our work.

Interpretation and Implications of the Results
As mentioned previously, there are significant differences in the different dimensions of the concerns between younger and older players.Furthermore, gender matters for two of the four dimensions.Gender differences in privacy concerns were also shown to be prevalent in past literature (e.g.[38,46]).For the age differences, the results indicate that relatively older players of Pokémon Go are more concerned.This is in line with the dominant notion of less concerned younger internet users compared to older users with a higher awareness.The regression analyses do not show any impact of the privacy concern dimensions on the actual use behavior of Pokémon Go.Based on this, it can be said that concerns about the privacy practices of organizations exist amongst players of the game and that they are heterogeneous with regard to the certain demographic characteristics.However, these users still play a game, which has access to several data types and processes them.This behavior is in line with the notion of the privacy paradox.However, this explanation becomes inconclusive, when looking at the actual privacy preserving measures of the players.It can be seen that, depending on the measure, approximately half of the participants of the second survey engage regularly or sometimes in doing these measures.A combination of these results imply that the majority of Pokémon Go players are aware about the risks (since they actively try to preserve their privacy with the measures tested) and almost all players are concerned.However, it seems that playing the game provides so much utility that they willingly agree to the implicit trade-off between playing the game and loosing a certain degree of control over their privacy.This explanation for an opposing behavior with regard to information privacy is known as the privacy calculus [12,13,15].The privacy calculus is often mentioned in the literature as an explanation for the privacy paradox.

Limitations
The main limitations concern the sample characteristics.Both samples contain relatively more younger Pokémon Go players.With respect to this, the sample is not representative for the German population.This skewness might also be caused by the fact that digital games are played rather by younger users than older ones.In addition, our survey is only conducted with German players.Thus, the results could possibly differ from surveys conducted in other countries or cultural regions.But, this focus brings along advantages for this research (cf.Sect.3.2), which can outweigh the limitations.Another limitation relates to the German translation of the English constructs.The constructs might have been understood differently by the participants than originally intended.This is always a possible threat when adapting original constructs from a language to another.The last limitation emerges due to the fact of analyzing two different samples.As described in Sect.3.2, we could not ask the same participants from the first survey about their privacy preserving measures.Therefore, we are not able to compare the relationship between concerns and actual privacy behavior on an individual level.In addition, it is possible that people lie about their actual behavior in surveys.Thus, asking people what they actually do is also prone to errors that can hardly be controlled for in an online survey.

Conclusion and Future Work
We contributed to the literature on privacy and augmented reality in several ways.First, we contributed to the body of literature on information privacy by doing an empirical, not a normative work, that is based on a non-student sample with participants, who are not located in the United States [6,39].Second, many studies on privacy only include perceptions and attitudes of users and no actual privacy-related behavior.By conducting the second survey, we are able to determine that relatively many Pokémon Go players act in a privacy-friendly way.By merging all the insights of both studies, we suggested that the majority of the Pokémon Go players are well aware of privacy risks and measures, but willingly trades-off benefits of the game against a higher level of privacy.Third, this research is one of the first to investigate privacy issues related to AR applications.
These insights indicate that users will abandon the protection of their privacy, if smartphone applications provide a level of utility that is high enough to outweigh the concerns.This conclusion is indepedent of the knowledge about and usage of privacy-preserving measures.
Future work should consider to include questions about privacy concerns and privacy measures in one questionnaire to include all three dimensions.First, the actual use behavior of the application.Second, the privacy concerns.Third, the actual privacy preserving measures undertaken by each participant (cf.Appendix B).In addition, our research on Pokémon Go and privacy could be conducted in other countries with different cultural values.This is especially interesting for the case of privacy perceptions and privacy preserving behavior.Another interesting dimensions is the investigation of this topic along different points in time.It could be investigated whether differences in the perception about Pokémon Go and associated privacy dimensions occur over time.
Unauthorized Secondary Use USU1.Companies should not use personal information for any purposes unless it has been authorized by the individuals who provided the information.USU2.When people give personal information to a company for some reason, the company should never use the information for any other reason.USU3.Companies should never sell the personal information in their computer databases to other companies.USU4.Companies should never share personal information with other companies unless it has been authorized by the individuals who provided the information.Improper Access IA1.Companies should devote more time and effort to preventing unauthorized access to personal information.IA2.Computer databases that contain personal information should be protected from unauthorized access -no matter how much it costs.IA3.Companies should take more steps to make sure that unauthorized people cannot access personal information in their computers.Use Behavior Please choose your usage frequency for Pokémon Go: -Never -Once a month -Several times a month -Once a week -Several times a week -Once a day -Several times a day -Once an hour -Several times an hour -All the time The frequency scale is adapted from Rosen et al. [36].All other items are measured with a seven-point Likert scale, ranging from "strongly disagree" (coded as 1) to "strongly agree" (coded as 7).Male participants are coded as 0 and females as 1.

B Questionnaire II
Which of the following options are you using while playing Pokmon Go? M1.If possible, I turn off services that can be used to collect location data.M2.I have a separate e-mail address, which I only use for games.M3.I use different e-mail addresses for games and social networks.M4.I review, which apps are authorized to access my other accounts (Twitter, Google, Facebook).M5.I reset the advertising ID on my smartphone at least once per month.M6.I forbid Pokémon Go to have access to my smartphone camera and use it without the Augmented Reality functionality.The participants were able to answer the questions with "yes" (coded as 1), "no" (coded as 2), "sometimes" (coded as 3) and "I don't know" (coded as 4).In addition, the same questions as in Survey I were asked with regard to users' demographics and use behavior.

Fig. 3 :
Fig. 3: Relative frequency of the measures taken by Pokémon Go players

Table 3 :
Two-sample Wilcoxon rank-sum and two-sample t test (for actual use) Therefore, categorical variables for group comparisons are created by dividing the scale of continuous variables into two meaningful groups.Categorical variables for group comparisons are created based on the variables age, smartphone experience and educational qualification.This is necessary because they are not binaries like gender.For creating a categorical variable, a threshold is needed that divides the scale into two meaningful groups.

Table 4 :
Regression analysis of privacy concern variables and use behavior (N=683)