Here are all the privacy issues you should be aware of as you catch Pokémon
Niantic’s “Pokémon Go” has, to date, signed up millions of users and added billions of dollars to Nintendo’s stock. Pokémon Go is proving far more successful than any previous augmented reality (AR) game and upending assumptions about mobile game market patterns. What this means from a security standpoint is that many new users are inserting themselves into a world where they may not fully understand the privacy implications of this app.
Tips to protect yourself (as much as possible) while playing Pokémon Go
The most urgent concern when the game came out was an apparent oversight where the iOS version was automatically gaining extensive access to users’ Gmail. Niantic has released a patch for this, but questions remain about third party access to user data in the app, real-life consequences for augmented reality immersion, as well as overall data security protections. The primary security concerns about the game are not over unlicensed clones or malware, but the data the licensed version collects from players, many of whom are minors 13 and under.
Pokémon Go requires permissions for your device’s cameras, contacts, storage, and location (either GPS or network-based). Usernames are publicly viewable, and could be matched up to an actual person standing around in the real world. While the Gmail access issue with iOS is being addressed, for those users who feel uneasy about even limited app access to their email accounts, the most obvious solution is not to pair your main work or personal email with the app. While the app’s own servers are so overloaded that it is easier to just use an existing email, it is advisable that you make a separate Pokémon Go account on an email client.
One of the biggest, and most obvious, concerns about the augmented reality gameplay is that of distracted driving and walking. Additionally, some of the places mapped may be in unsafe areas that criminals could stake out looking for mugging victims, or are spots that, for good reason, are not easily accessible which could compromise some places’ security if mapped out on the app.
However, even these measures will not protect your privacy if you upload gameplay data and pictures to social media sites without taking care. Here, common sense is required more than anything else. Posting an album of screen captures of you wandering about catching Pokémon in a public forum could be used to map out your daily life. Though time-consuming, someone trying to stalk you here wouldn’t need any special tools or expertise. The best defense against this is simply to apply basic privacy settings online and think before you post.
The 2015 hack of toy maker VTech’s customer databases, which contained personal information for parents and children alike, has shown the need for a strong system security here. Concerns remain about this, but are proving manageable, as in the case of Gmail access on iOS. Yet when it comes to the AR experience itself, there are far fewer precedents to build off of because Pokémon Go is actively changing consumer behaviors:
1998: stop playing pokemon and go outside
2016: stop playing pokemon and come inside
— jomny sun (@jonnysun) July 12, 2016