While Pokémon Go has taken the world by storm, the app's success has been accompanied by a stark reminder that users need to be aware of the risks that mobile apps can pose to their personal safety.
In the short time the game has been out, it has had a positive impact on hundreds of thousands of people, and neither Nintendo nor Niantic is complaining about the impact that Pokémon Go has had on their bottom lines.
However, Pokémon Go uses location services to create a virtual map on a user’s smartphone screen, a map that corresponds with the user’s actual physical location. Users can watch their onscreen avatar walk through the streets, hunting for Pokémon and searching for in-game gathering spots: PokéStops (where users can replenish their supplies) and Gyms (where users can test their Pokémon in battles against other players).
While users flock to those locations as part of the game, there has been at least one instance of criminals using their knowledge of PokéStop and Gym locations to target their victims. In O’Fallon, Missouri, a group of young men drove from one PokéStop to the next, stealing smartphones from unsuspecting gamers.
Pokémon Go has also been the center of a privacy nightmare around the permissions that the game originally requested for users’ Google accounts. When a user logs into the game, that user can choose one of two login options: a Pokémon Trainer Club account or a Google account. If a user chose to log in using Google, the app requested that the user grant Pokémon Go FULL ACCESS to that user’s Google account.
Full access. As in, no restrictions. As in, read email, send email, post YouTube videos, access files in Google Drive… you name it.
This permissions issue has already been corrected, and Niantic insists that they only used that access to read basic profile information. However, cybercriminals could potentially abuse that access to do much more than just read a gamer’s name and email address. (What’s worse, users who installed the app before the fix may still be exposed.)
Does either of these risks mean that you should delete Pokémon Go from your phone, throw your phone in a river, and run screaming the other way? None of that is necessary if you follow a few basic security tips.
- Be aware of when your phone is using location services, and avoid traveling to isolated areas or areas where you might be vulnerable to attack.
- Don’t download apps from untrusted app stores. Stick to iTunes and Google Play to avoid malicious versions of popular apps.
- Review the apps connected to your Google Account and revoke excessive or unnecessary access.
- While you’re at it, do the same for your Facebook and Twitter accounts. Neither service has anything to do with Pokémon Go (yet), but who knows what other apps might have access to your data?
It’s okay to have fun playing Pokémon Go. If you’re careful, the fun can last even longer.
Stay safe out there!