July 27, 2016 Article 2 min read
Addictive as it may be, the Pokémon GO app accesses players' mobile phone GPS and camera, which poses cybersecurity risks to users. These eight steps can help you and your family play safely.

With more than 30 million users, the Pokémon GO app is breaking download records and beating Facebook, Twitter, and Snapchat in the pace of adoption.

While almost everyone seems to be aware of the new craze, many don’t understand the cyber dangers the app presents and the treasure trove of real-time personal information they’re sharing with Niantic, the app’s developer.

To play the game, Pokémon GO requires access to a player’s GPS and camera, which already presents cyber dangers. Even worse, it requires Apple device users who log into the app via their Google accounts to give “full account access” to the developer — this means access to Google account emails, contacts, documents, and photos.

While this might sound unbelievable, Niantic confirmed these claims when it issued a response stating it had “recently discovered that the Pokémon GO account creation process on iOS (i.e., Apple devices) erroneously requests full access permission for the user’s Google account.” On July 13, Niantic released an update that fixed the problem; however, Pokémon GO still has access to an Apple user’s email, GPS, and camera. Android users provide even greater access, including contents of the USB storage on their devices.

What’s Niantic doing with the information? No one is really sure, but if you read the game’s 20-page privacy policy, which I imagine few players do, the company states that it “may share user’s information with third parties who may not have agreed to abide by the terms of this Privacy Policy…third parties could be unspecified private parties.”

Putting conspiracy theories aside, GPS and photo data have high marketing value.

If the risk of Niantic having player information isn’t enough, there’s the added risk of Pokémon posers: fake websites offering Pokémon add-ons like Pokecoins and “power ups.” To access the add-ons, players are asked for personal information, including access IDs and passwords, which these sites collect.

The game is so addictive that users often forget common cybersecurity sense, and hackers are capitalizing on it. And if grown, educated adults are falling prey, consider the risks to children who share their location and interact with strangers while playing the game. If you’re a parent, consider following these tips to help protect your child:

  1. Understand the app. Download and play the game so you understand what your kids are doing and know the risks.
  2. Talk about strangers. Make sure your kids understand that Pokémon players are still strangers and that “stranger danger” rules still apply.
  3. Beware of Pokestops. Advanced users can set up Pokestops, or lures, which share a location for players to catch a Pokémon. While this is the interactive, fun part of the game, what’s stopping a predator from setting up a Pokestop to lure in children?
  4. Use location tracking. Turn on location tracking when your kids are playing the game. Even if you’re close by, it’s quite easy for kids to walk away to catch a Pokémon.
  5. Limit in-app purchases. Kids can forget spending boundaries while playing the app. Limiting in-app purchases could save you a big credit card bill.
  6. Reset default privacy settings. Review the phone’s privacy settings and limit access.
  7. Choose a unique password for your account. Remember that if you use the same password for multiple accounts and one account is hacked, the others could be at risk.
  8. Stay current. Make sure you’re running the latest version of the app. If you’re playing with an outdated version, you’re vulnerable to the privacy issues present in the app’s earlier version.

Now get out with your kids and safely play Pokémon GO. A monster could be getting away!

This article originally appeared on Crain's Detroit Business.