Pokemon Go is one of the best augmented reality games on the market. But despite the popularity, the game has received a negative reputation from the security point of view.
Rumour has it that Pokemon Go collects more than enough players’ data. Experts have found that the game asks some quite suspicious permissions. For example, you have to grant full control over your Google account.
Statistics show that there are at least 27 million active users on Pokemon Go in the United States. That means over 27 million Google accounts could be facing some questionable risks.
Potential Risks Tied to Pokemon Go
The first one to direct some attention to this issue was Adam Reeve, the Principal Architect at RedOwl. He warned Pokemon Go players about the suspicious authentication glitch. It allowed the app to take permissions without the user knowing anything about it.
There are two ways to log into the Pokemon Go app:
- creating an account at pokemon.com
- using your Google account
Since the second option is much quicker, most players tend to opt for the Google account as their preferred way of authentication. After all, it is easier to use Google rather than to take time and create a new account. But there are risks tied to this method of authentication. It relates to the permissions Pokemon Go takes along the way.
As Reeve pointed out, the authentication process in the Pokemon Go app is almost instant. The user gets redirected so fast that they don’t even get a chance to see the permission the app takes from Google. If you go back to check the permissions later, you could see that the app has full access to your Google account.
“Let me be clear – Pokemon Go and Niantic can now: Read all your email; Send email as you; Access all your Google drive documents (including deleting them); Look at your search history and your Maps navigation history; Access any private photos you may store in Google Photos, and a whole lot more,” explained Reeve.
He also added that the whole security flaw could be a result of Niantic’s carelessness instead of a planned scheme. It is unlikely that Niantic is involved in planning massive data theft. After all, they are one of the most reputable software developers in the industry.
How to Secure Your Data and Devices While Gaming?
While some security measures apply to all players, not everyone faces the same level of risk. The app requires access to the Google Account only on iOS devices. It means the players who use Android don’t have to worry that much about Google account security. But they’re not completely off the hook.
The app requires a different set of permissions on Android. It includes the following:
- to take photos and videos,
- read and use accounts on the device,
- access the SD card,
- use Google Pay.
These permissions are more than enough to raise concerns.
The best way to secure your data and devices is to check all permissions and revoke access to the unnecessary ones. Or grant that permission only when the app is in use.
What’s more, take those few minutes and create a Pokemon Go account on their website rather than log in via Google. That applies to all apps and services, not only game apps. It can safeguard your account in case of a data breach.
Also, consider using NordVPN when playing the game. It encrypts your connections to the internet, securing data in transfer. And it can help with location spoofing too.
Watch Out for Other Security Risks
It’s important to note that this particular security threat appeared back in 2016. Niantic promised to solve the issue, and they may have fixed the oversight already. But there are always other security risks you should watch out for.
Anyone who’s playing Pokemon Go is bound to share their metadata within the server. It can raise concerns about data privacy. One way to avoid any unpleasant surprises is to encrypt the data in time.
As far as the security of Pokemon Go goes, there haven’t been any data breaches or threats so far. So it’s not worth raising panic and quitting Pokemon Go yet. But do keep security in mind when using this or any other app and service.