I Clicked That Game Once & Now Google Knows Everything About Me

Mojang’s Minecraft and Blizzard’s World of Warcraft are what we call massively multiplayer online (MMO) games that boast millions in subscribers. These games build in-game economies where virtual items and currency can be earned as rewards that can be traded with other gamers. Unfortunately, gaming since becoming one of the world’s fastest-growing industries has also become an enabling platform for privacy violation, hacking, and cybercrimes.

The Threat to Online Privacy Is Real and Warrants Counterintuitive Action

If you thought you need to fear only hackers, you’d be shocked to know that the most prominent technology companies in the business are filtering and sharing your personal data and building personal profiles while you’re clicking merrily online. Yeah, Google and many other biggies now know more about you than you probably do yourself.

What is forgotten is that even as visibility, credibility and brand awareness are vital to any business, the product’s rollout (in our context, the intrusive gaming app) can’t afford to contravene existing privacy norms that protect consumer interests.

The fears that unfettered access by tech companies to personal user information can be misused are not entirely unfounded. In 2015, 1800 usernames and passwords of Minecraft gamers were leaked online, and it’s still unclear how the hacking was accomplished.

Though one may dismiss 1800 as a drop in the ocean, the harsh reality is that there are people that are willing to pay serious money for user information that could create an opening to steal rare in-game items and valuable add-ons that regular gamers have accumulated through their hard work.

How GDPR Became the Game Changer in Protecting Online Privacy

If you’re wondering why all of a sudden your inbox is humming with advisories saying “Here is an update to our privacy policy,” there’s a reason behind this. The General Data Protection Regulation or GDPR is a new privacy regulation that’s in force in the European Union, and American tech companies big, small, and mighty are scrambling to comply.

Under the GDPR regime, people can request companies to disclose online data that companies have gathered about them. From now onwards, businesses can collect personal information only by adhering to a robust protocol that’s already ringing alarm bells across small businesses, local organizations, and big guns like Google and Facebook.

California’s Path-Breaking Digital Privacy Legislation

Readers will be heartened to know that California became the first American state to pass a digital privacy law in June this year. That the new law is sweeping in its regulatory nature would be a gross understatement. Under the law, consumers can now demand information that tech companies are collecting about them, ask why the data is necessary, and require to know the companies sharing the info.

You can also tell the company which data can be shared and what can’t be sold or shared. Moreover, by opting out of information sharing arrangement, the company can’t deny you better quality services.  

Interestingly, under the new law, companies will find it more difficult to share data that involves an audience which is under 16 years.

Now, It’s Children That Have Become Most Vulnerable to Privacy Violation

The “I clicked That Game Once & Now Google Knows Everything About Me” netspeak is becoming a significant threat when it comes to protecting the privacy of the younger generation below 16 years.

New Mexico’s attorney general recently filed a lawsuit alleging that the makers of the immensely popular kids racing game “Fun Kid Racing” violated children’s privacy through Android apps that blatantly shared sensitive children’s data. In the dock are major tech companies that are accused of not policing themselves adequately:

Tiny Lab Productions (“Tiny Lab”): Lithuania based mobile game developer that releases the “Fun Kid Racing” app among a slew of gaming apps figuring as children’s downloadable apps in Google Play Store and the Apple App Store. The company markets these apps and contracts advertisers and ad networks who embed advertising software into the gaming apps while integrating social media platforms into the apps.

Tiny Lab’s marketing partners provide Software Development Kits (Or SDKs) that are codes embedded in the gaming apps which transmit the child’s personal information directly to the advertising company. This information collected over a period forms the basis for rolling out campaigns that track online behavior, profile the child, and enable children to be shown advertisements that are more personalized to their individual browsing habits.

Twitter, Inc. and MoPub, Inc.: MoPub is Twitter’s mobile-centric advertising platform which monetizes and implements Twitter’s online advertising strategies using its SDK embedding.

Google, Inc. and AdMob, Inc.: AdMob is Google’s mobile advertising unit that embeds SDKs in various gaming apps figuring in Google Play Store, one of them being Tiny Lab’s “Fun Kid Racing.”

The lawsuit accuses the app maker, Tiny Lab Productions, Google, and Twitter along with associated companies of misleading consumers by placing gaming apps in the family section, and of sharing personal data of children under 13 with advertisers. This info could potentially land up with child predators, hackers, and manipulating marketing agencies.

By Systematically Undermining COPPA Compliance, Companies Are Violating Children’s Privacy

In the US, the Children’s Online Privacy Protection Act (COPPA) lays down guidelines that regulate how companies are allowed to collect information through mobile apps, gaming software, and websites. These guidelines apply to an audience that is under 13 years. Many collection initiatives are entirely banned while others require some form of parental permission.  

The New Mexico lawsuit alleges that gaming app companies and their host platforms such as Google and Twitter are using data purely for commercial gain while they neglect to collect verifiable parental consent for their data collection and sharing activities, which is in direct violation of COPPA regulations.

The Real Reason Why Children Are Tracked and Profiled by Gaming Apps

Children below 13 lack the buying power of older gamers, and it’s an arduous task getting kids to source money, a move that demands parental permission and control. Thus, gaming companies lose out on resources that could enable additional game item purchases and upgrading of favorite games to higher levels. To make up for their revenue loss, gaming companies sell children’s information in violation of privacy protocols to third parties using in-game advertising that collects the data through game-embedded SDKs.  

Children and parents think gaming apps are harmless and innocent digital equivalents of puzzles, block-building, and books, but the harsh reality is that companies are filtering personal information through embedded SDKs. Companies are busy building a vast database that can be manipulated for targeted children’s advertising. The SDK allows the gaming app to directly communicate data on children’s browsing habits to the advertising company without any control over how the information is actually used.

The Dark Underbelly of Unfettered Private Data Collection: Hacking and Identity Theft

If advertisers are uninhibitedly collecting personal information of gamers, hackers are more focused on the gamers’ credentials. A simple Google search of any popular game along with the words “cheats” and “hacks” will turn in a long list of SEO optimized pages that are loaded with ads, surveys, and free downloads that offer a conduit for hackers to embed malicious software on the gamer’s hard disc.

With one click you could be positioning spyware that tracks your browsing habits or malware that steals your keystrokes and passwords. Hackers armed with passwords gain access to the user’s account, ready to perpetrate a clutch of online frauds.

The net is rife with instances of stolen in-game items, rare gaming features that have been held for ransom, and unverified credit card payments that reflect purchasing done by unknown third parties. To a hacker, a stolen password, credit card details, or account particulars become the gateway to significant cash pilfering.  

The main problem with online gaming circuits is that a lot of personal information – names, birthdates, mobile numbers, email addresses, social media IDs, and credit card accounts – are all up for grabs. This kind of information turns out to be more powerful than the game itself and offers hackers a rich foundation to invade the gamer’s privacy.

How Do Parents Ensure Their Gaming Children’s Privacy and Security?

With the multiplicity of access nodes – personal computers, gaming consoles, handheld devices, smartphones, and tablets – gaming has become a fast-growing industry attracting people of all ages, descriptions, and inclinations. Unwittingly, we are also setting the stage for cybercriminals who that are hell-bent on stealing user data, breaking privacy, and planting malicious malware. Here are crucial tips that can tilt the balance in your favor by blocking the data privacy breach and preventing gaming-related dangers:

  • Dedicated gamers rarely use their real names, addresses, and birthdates. Besides, what do we actually gain by sharing this kind of information? As for providing an email address, use an account dedicated exclusively for gaming and unconnected to your regular email IDs. In short, we provide data that can’t be linked back to our real contacts, bank accounts, and social media IDs. For extra protection, use randomly generated virtual credit card numbers or prepaid cards.
  • Visiting unverified websites and downloading software from unknown third parties can be very dangerous. Also, refrain from using your unique gaming credentials when you’re logging into third-party sites and gaming apps. Tweak your privacy settings, so you control who views your profile.
  • If you’re a serious gamer, consider opening a pre-funded bank account exclusively to facilitate in-app purchases. Keep only enough funds to affect buys and don’t use the account for any other activity. PayPal, Virtual credit cards and pre-funded cards are different ways of paying online without leaving a trail leading to your personal account. Keep track of online spending by synching payments to bank statements to rule out unverified purchases.
  • Read up on how to stay safe while gaming online so you can protect your child’s privacy and ensure that gaming doesn’t pose a threat to the child in any way.  


Gaming has transformed into a major industry boasting multi-million subscriber platforms and an economy that rides on billions of dollars in investments, each innovation promising the next big thing. More than ever before, gamers are willing to spend serious money to upgrade to more sophisticated games, and leverage in-game features and add-ons for cash.

But the same gaming frenzy poses a counter-threat from gaming companies that invade user privacy and hackers out to compromise user credentials.

Fortunately, the legal framework is tightening the screws on errant companies that were flouting privacy concerns with impunity. But the empire is fighting back with a vengeance. Already, Facebook and other tech giants are lobbying hard to influence a Federal law that could override the California privacy regulation or at least dilute its power to control privacy violation.

About Author