6 ways Pokemon Go players showed they just don’t care about security

Last updated: 08 August 2016

Pokemon Go twitter

Pokémon Go is on its way to being the most popular mobile game of all time.

It’s already reached that milestone in the U.S., and it’s dominating every market in which its available. It’s united casual gamers, fans of the original series, their partners, parents and friends. It’s also brought augmented reality into the mainstream – something that only Snapchat has done before with its face-altering lenses.

Yet the game has been dogged by security issues since it launched, affecting people’s physical and digital security. Due to its popularity though, no one seemed to mind—and though many concerns have been patched and addressed—the launch is a salient reminder that when something popular sweeps the world, people are only too happy to throw caution to the wind.

In their quest to catch them all, here are the top 6 ways Pokémon Go players ignored common sense and jeopardized their security.

Basic awareness

When the game launched, a fake news story was published claiming that a player had caused one of the worst highway accidents in history. It didn’t take long for this to become reality. Three cops had a lucky escape when a player careened into their parked car. Fortunately, they were on the sidewalk and were unharmed.

Child neglect

While leaving your car running, unlocked to catch a rare Pokémon is stupid, leaving your child outside in the summer heat unattended for hours with no water while you search for Pikachu is inexcusable. Unfortunately, this happened in Arizona and upon the couple’s arrest, the local sheriff labelled their actions “beyond comprehension”.

Caught off guard

Since launch, many incidents have been reported about people ending up in the wrong part of town, lured to a place that they wouldn’t go normally, and being robbed.  There seems to be something about the wanderlust of the game, making people see that “Pokéstop” in the distance and walking over just for a chance to progress a little further.

Digital security

Pokémon Go launched in Australia and America initially, and people from other countries were desperate to play it. For iPhone users there was a workaround that tricked iTunes into thinking your phone was registered in the U.S. or Australia. For Android users though, it was a lot simpler.

Thanks to side-loading, players could download a copy of the game from the U.S. or Australia, and install it themselves – bypassing the Google Play Store. The only thing was, many of these non-official downloads were riddled with malware that infected thousands of phones. Among other things, hackers gained access to all contacts and messages, and the ability to call premium rate lines without the player knowing.

People have been warned about the dangers of side-loading, and generally understand they shouldn’t, but when it comes to Pokémon, nothing will stand in their way.

Granting permissions

When you download an app, you are now told exactly what the app will do. Sometimes you download a game, and it asks for access to your photos or call logs. This is a warning that you should probably steer clear, as a mobile game generally has no need for this.

However, Apple users accepted, without thinking, the permissions requested by Niantic. By accident the game’s makers accidently requested many more permissions than it needed concerning players’ Google accounts. Though just a name and email was required to make use of the geo-location features, the game opened up a whole lot more, including the ability to:

  • Read all emails
  • Send email from the player’s account
  • Access all Google drive documents, including the ability to delete them
  • Access both your search history and Maps navigation history
  • Access any private photos you may store in Google Photos

Fortunately, the game’s developers noticed this, confirmed the app did not do any of these things and issued a patch to remove the excessive permissions. However, this again brings to light just how easy it is for an app to gain access and control your data if you’re not careful. And it shows people pay about as much attention to this as they do to terms and conditions.

Privacy considerations

Many people state they value their privacy and turn off location and other tracking services. But Pokémon Go requires an awful lot of potentially sensitive data to be sent to back to the game’s developers – name, age, email, location. Some have questioned what Niantic plan to do with the data. In the privacy policy that players gloss over, Samantha Allen from The Daily Beast says that Niantic can “hand the data over to law enforcement, sell it off, share it with third parties, and even store it in foreign countries with lax privacy legislation.”

Further, this enormous database is highly attractive to hackers, and if stolen, could result in massive identity theft cases. Security experts are pressing Niantic to learn how the company encrypts and stores the data, but they are wary that the runaway success of the game might have come as too much of a surprise for the developer, and that they haven’t properly taken security into account.

Pokémon Go is a great example of how people disregard their own safety for something they like. Niantic now posts warnings not to play and drive, to look where you’re going and to be safe when playing, but one thing’s for certain—you haven’t heard the last about the safety and security of players yet.

Leave a Reply

Your email address will not be published. Required fields are marked *