The story of Pokémon Go makes an excellent case for the current reality in IT: we are living in a mobile world. Mobile technology is becoming one of the key competitive advantages an organization can have in its IT landscape. Using mobile technology, organizations can obtain new kinds of engagement from both their employees and their customers. To gain the maximum possible from this new technology, however, an organization must be well-prepared from a cyber security perspective.
In the early summer it was not an unusual sight to see people all over the world staring more intensely at their phones. Not because of the usual and clumsy activity of checking e-mail or messages while on the go, which we have become sort of used to by now, but because of the hunt they were on – a hunt for Pokémon. It was hard to miss the Pokémon Go hype: by installing an app on your iOS or Android smartphone, a world of wild virtual monsters called Pokémon was overlaid on top of the real world. The hype was not restricted to school-going children and teenagers – two generations of young professionals who were brought up with Pokémon and are now our clients and colleagues were also taking part. And that is a good thing, as these are the generations that will help us make sense of an increasingly mobile world.
Pokémon Go’s hype is an excellent case to discuss the new mobile world we find ourselves in. A world in which organizations can reap dramatic benefits in areas such as customer and employee engagement, productivity and the opening up of new ways of working. But these benefits can only be achieved when the organization also successfully addresses new and related issues of mobile cyber security and privacy. In this article we will take a brief glance at addressing these issues based on the Pokémon Go case study.
It might be difficult to see how a mobile world is significantly different from the digital world that we have known for a few decades now. After all, are the concepts of a mobile world not just the same old concepts in a different disguise? Looking at the buzz around Pokémon Go, this is clearly not the case. With your smartphone camera ready, every building, park, museum and other landmark becomes riddled with little fantasy creatures to collect. It is up to the player to collect as many of these creatures as possible, or catch ‘em all. And – for a period of a few weeks – this concept took off extremely well. So well in fact, that some places such as museums and hospitals had to actively keep Pokémon hunters out to keep order. You have probably seen the groups of players yourself. Within a matter of days after launch, Pokémon Go surpassed the popularity of both Twitter and Tinder, both ‘established’ brands in mobile. Clearly, Pokémon Go’s unique formula of combining the 20-year-old concept of Pokémon with new possibilities in augmented reality struck the right chord. It clearly demonstrated a concept that was not possible 10 years ago, allowing enthusiasts to enter a virtual world within their own (real) world, integrating the gaming experience into their daily lives. It showed that mobile technologies have the potential to affect every part of our daily lives, wherever we are and whenever we want. Everything is mobile, mobile is everything.
Mobile is Everything
Not coincidentally, the concept mobile is everything was also the slogan of the most recent Mobile World Congress (MWC) in Barcelona. The Mobile World Congress is the premier event in the world for mobile technology, as key mobile technology vendors and service providers come together to showcase their products and future vision. The slogan mobile is everything proved an excellent summary of the direction technology is taking in two ways: first, as stated before, mobile is everything because mobile allows the digital world to apply to every part of our lives. Not just through our smartphones and tablets, but also through wearable smart devices like smartwatches, health trackers and digital assistants; through Internet-of-Things devices that make your home and workplace smart and more adaptive, controlled through your smartphone or tablet; through improvements in virtual and augmented reality technology that allow us to reimagine existing places and landmarks in different ways. The second meaning of mobile is everything is more subtle but has an even greater impact on our services: although mobile technology is often seen as different from ‘traditional technology’, this is an arbitrary and nonsensical distinction. What we used to call mobile technology is rapidly replacing traditional technology (e.g. your Windows laptop now has a touch screen and runs the same ‘apps’ as a Windows phone does), and traditional technology is adapting to what is traditionally considered a mobile use case (e.g. SAP is focusing their strategy on an app-first enterprise). What we call mobile technology is just tomorrow’s technology with a different name.
Besides creating a new gaming experience, Pokémon Go also introduced a new business model for its creator. In Pokémon Go, advertisers can purchase virtual “lures” that will attract rare Pokémon to a location of their choosing, allowing organizations to draw crowds of players to their shops/offices/venues. How convenient it is to catch an exotic virtual creature while running errands at the same time! Examples like these show that the mobile is everything vision is not a far-fetched, speculative vision of the future. The future is already here (and people are making serious money out of it). At the peak of its hype, Pokémon Go was known to be used as an argument for such grand things as the sale of houses, or the selling of insurance policies. And it worked – because it was a way to engage a crowd that was not targeted before.
Engaging Your Organization
Engagement through mobile technology also applies to employee engagement: digital services provided by a workplace are known to engage newer generations in their work more than ever. Newer generations of employees – including the ones who were thrilled when Pokémon Go was released – have grown up with modern technologies and expect their employer to provide (at least) the same speedy, convenient and shiny tech at work as the ones they have become used to at home (or anywhere else for that matter). Offering employees a compelling mobile work environment, and therefore creating a match between the work environment and modern lifestyles, has become a must for ensuring employee satisfaction and high employee engagement.
A High-Tech Braking System
It sounds exciting. Mobile technology will enable a faster-moving, smarter world, with opportunities for higher employee and customer engagement, more efficient work and new business models. It is a fast-moving train that everybody should hop on as soon as they can. Or should they?
Before jumping on a high-speed train, one must first know that its components are working well. To move fast, the train should have a good engine, but it should also have an excellent brake system. After all, without well-working brakes, the train cannot possibly achieve its maximum speed safely without causing disaster. In this analogy, mobile technology is the new, potent, high-tech engine. But its brake system is cyber security and privacy: the necessary precautions that allow us to go fast in the first place.
When Pokémon Go was launched, it did not launch globally. Due to the immense popularity and the required infrastructure for this popularity, it took two weeks for the app to launch in various country-specific app stores across the world, including the ones in the Netherlands. This did not stop hundreds of thousands of avid Pokémon fans from installing the app in unofficial ways, however; with some tech-savviness one can easily install application packages downloaded from random internet sources on Android devices. Needless to say, it was a matter of hours before cyber criminals started spreading malware-equipped versions of Pokémon Go across the internet. Due to severe shortcomings in the availability of security patches for Android devices, many pieces of malware were (and still are) able to obtain complete control of infected devices. To this day, there will be thousands and thousands of Android devices compromised in this way and under the control of hackers, including devices that have access to sensitive enterprise data.
There were more problems for Pokémon Go’s developers. Pokémon Go used Google to provide authentication services for the app, so that users could set up an account that kept track of the Pokémon the player had collected. On the iOS version of the app, the developers requested the user to give them complete access to their Google account. This would open up the player’s Google search history, personal e-mail and location history to the Pokémon Go developers. This was a clear privacy breach that took a few days to be resolved. The reputational damage to the Pokémon Go developers had already been done.
These issues could have been resolved had the developers employed a more effective mobile strategy: a mobile strategy that takes into account a secure deployment and distribution program. The distribution program would take into account mitigation measures against hijacking of the application using malware. And it would comprise a secure software development lifecycle to test for (severe) programming errors and prevent them from causing security and privacy issues in the first place. Clearly, Pokémon Go was a fast-moving train with faulty brakes.
To prevent our own clients from having faulty brakes, our cyber security team is focusing on improving the mobile strategy for our clients. Having a formal mobile strategy is a rarity in practice; mobile strategy is typically integrated in a broader technology strategy and tends to focus on cost-saving and enhancing sales channels. Employee productivity, cyber security and privacy issues are not a common component of these strategies. Helping our clients to integrate these issues with their own business goals is a key component of our professional services. Developing a mobile strategy is supported by assessing privacy and security requirements, monitoring the continuous changes in these requirements in a mobile world, and implementing technology purchasing plans, cloud strategies and secure development lifecycles.
An End to the Hype?
It is both ironic and exemplary that the hype surrounding Pokémon Go is fading. Statistics show that Pokémon Go has lost millions of users since the peak of the hype, and that numbers are continually dropping. The drop in active players is most likely due to game mechanic issues rather than severe shortcomings in a mobile strategy, and it is not out of the question that the hype will flare up again as the developers add new gameplay mechanics. Regardless of this fading hype, even with ‘just’ tens of millions of users left, Pokémon Go is still a resounding success.
Although the hype for Pokémon Go has ended, this does not stop the application from being a prime example of a new mobile world. Filled with tremendous possibilities in new technologies, new business models, and new ways of engaging users, Pokémon Go shows that every organization should concern itself with a mobile strategy to stay relevant. And it also shows that cyber security and privacy must be an integral part of that mobile strategy, as there are widespread consequences when this is missing. KPMG is already playing in this mobile world – and we are calling on all of you to join too!