“We know what you did last summer!
Not only what you did, but where you did it, too.
We can even access your Google account and watch over your life.
Or target you with Ads based on your locations” -Niantic, or Nintendo, or whatever third-party they are collaborating with.
The fuss is just getting bigger and bigger, now that they are officially launching the app worldwide. But, what does it cost you, to “play the game for free”.
Revealing your Google data
To install this game you have to sign in either with an pokemon.com account or your Google account. If you don’t already have a Pokemon Club account, it would be easier for you to share your Google account with the company behind Pokemon Go (Niantic). At first there was a security hole in this login method, now they say it’s patched, but who knows…
Niantic claims this is a mistake, but if it’s not it can read your emails and monitor your entire digital life.
Revealing your location, everywhere, always
It is an augmented reality game that requires your GPS location and a data connection. So, don’t expect your privacy to be preserved while playing this game. What happens to our data, and how much does Niantic really know about us?
Sharing other information from your phone
Remember the blog post about knowing what you allow your apps to do. Well, you should know what you would allow to this app to do, too.
When you install the app, Niantic will ask to collect information from your phone:
- through your camera – augmented reality game
- location – needs your location
- storage access – why would they need that?
- Contacts – the game is a single player, why would they need your contacts info???
Be aware that your data is a business asset to them
Yes, you play the game for free, but there must be a catch. Every free service wants something in return. It’s still too early to tell where they’ll head up to. It can be a great platform for product placement (from a marketing perspective) or a great ads platform. It wouldn’t be anything new, since we are already used to it. But, they will certainly exploit the vast data they now own and profit from it.
What is more, they could influence people’s decisions and shape their behaviour: When businesses (third parties or other) start leveraging Niantic’s data we could expect people headed to locations that are of marketing and sales interest, thus promoting things people don’t need or don’t even know they exist. So, they can be influenced to spend more money, or even vote for someone, or go to insecure places.
Niantic’s “third-party” partners are not publicly known yet, so who knows who might get to use the data in the future or who gets the data now.
If you don’t want your data to be exploited
You can always remove the app from your phone and revoke the permissions that you’ve granted. It’s what we advise you to do, because it’s not worth the risk of hacking their servers and revealing all user’s personal information.
And if you’ve decided to say goodbye to your privacy, watch out for malware
Because of the popularity, people everywhere want to have it. But some of them can’t, because it’s not been rolled out globally yet.
So, they go and get the APK from a non-Google Play link, which can easily get them a malicious version of the app. It can make their phones a victim of hackers that can take over the phone data completely.
It’s not a scare, but a fact that Security researchers at Proofpoint have spotted. They found a malicious version of the Pokémon Go Android app that has been infected with a remote access tool that gives attackers full control over the victim’s phone.
And your offline security
Is it intentional, or not, we don’t know. But, the game sends players to capture virtual Pokemons out to very inappropriate places and locations.
Some of them have found themselves in dark alleys, dangerous neighbourhoods and have been a target of criminals.
So, keep your life safe and be careful when giving yourself to an APP.