The mobile app is a global phenomenon. But is it potentially risky for your personal data and cybersecurity?
Fans have been catching Pokémon since 1996. What began as trading card game soon became an exhaustive franchise of figurines, graphic novels, Nintendo Game Boy games, a TV series, several movies and all kinds of miscellaneous merchandise (including McDonald’s Happy Meal toys). Now, the popular millennial franchise is experiencing resurgence. The mobile app, Pokémon Go, is a global phenomenon.
It’s easy to play: download the free app using your a) Pokemon.com account or your b) Google account; create a character; train, battle, and “catch ‘em all” while meeting real people, visiting real places, and connecting with your town or city in a way that you never have before.
Pokémon Go is a joint project between The Pokémon Company (owned by Nintendo) and Niantic (part of Google’s Alphabet Inc.). According to the Wall Street Journal, the app has added over $9 billion in market value to Nintendo since its launch last week!
The app is fairly exclusive so, naturally, everyone wants to be included. Because the app is only available in the U.S., Australia, and New Zealand, mobile users around the globe are getting antsy (and creative) about what to do while they wait for an official release in their own country. In fact, Canadians are creating new iTunes accounts and changing their “Language and Region” settings in order to access the U.S. iTunes Store.
Comfortably seated at No. 1 on mobile download charts for both iOS and Android users, the app has made virtual reality mainstream, prompting users to get off the couch and go explore the real world, but through a virtual lens.
However, people can collect a lot more than Pokémon.
With any new internet phenomenon, comes complementary dangers. While the app doesn’t cost any money to download (save in-app purchases), it could cost users more valuable currency: personal data.
But, it’s just a game, right?
There are two aspects of the application that make it potentially risky:
Data Sharing apps are far from uncommon and Pokémon Go is no big exception. Once downloaded, these applications request permission to access data stored in your phone. These apps then send data outside of the apps, sometimes with a warning and sometimes without.
Geospatial Intelligence Gathering is “data attached to a certain geographical location at a certain time.” The game relies on your exact location in real time. Additionally, users are publicly reporting where they’re going to be before they get there (adding user-generated data). Virtually anyone playing the game will have access to your future location.
You probably don’t realize how many apps are storing your personal data, especially social media apps like Facebook, Twitter, and Instagram.
One Cybersecurity expert discovered he’d unwittingly granted Pokémon Go full access to his Google account: location, address book, calendar, contacts, everything.
Politicians are beginning to voice concerns over privacy violations that have arisen from data collection policies.
The danger could also be physical, instead of virtual. The app’s geolocation feature has been used by armed robbers to lure victims into traps.
The key to avoiding privacy threats and security risks is to a) be aware of them and b) practice Internet-safe behavior.
Before you catch Poké fever, it might be worth modifying the permissions for each app on your mobile device. This can easily be done through user settings. And for those anxiously awaiting the app launch in their respective countries: patience.
“Get Up and Go!” or no-go?