Pokemon Go security risks

We’ve all seen legions of kids and adults roaming the streets of our towns playing the latest gaming sensation Pokémon Go. Since its release, the game has been downloaded nearly 20 million times, and it’s now being introduced all over the world. The United Kingdom and Canada were the most recent countries to join in the craze.

Of course, like any app you download through iTunes or Google Play store, you should be aware of the security risks that come along with the fun of playing the game.

Pokémon Go uses GPS to track users and deliver the real-time 3D game experience. The company that built the game, Niantic, is tracking gamers and collecting data on where they go, how they got there, and how long they were there. There’s little doubt that the company will use that information in the future to monetize the app.

In addition to GPS driven data, the game’s privacy policy states the company is collecting your email address, IP address and the web page you accessed before logging into the game.

For those logging into the game through a Google account, an initial version of the game also gave Niantic complete access to user accounts, including the ability to:

  • Read and send email in Gmail accounts
  • View photos in Google Photos
  • Access your Google Drive documents

However, after an uproar that even included comments from concerned federal officials, Niantic and Google both released fixes that no longer provide that level of account access. For its part, Niantic said the issue was a mistake, and the company never meant to access Google accounts, nor were any accounts accessed.

“Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access,” the company said in a statement. “Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO's permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”

Know what data your apps are collecting

The controversy should shine a new light on what kind of data we are authorizing companies to collect when we download a new app or software to our devices that also contain sensitive data. While no one realistically can be expected to read the terms of use that come with just about any app download, there are shortcuts to determine the data you’re giving up.

Apps such as PrivacyGrade assess the apps on your device and delivers a grade based on the amount of data a user would expect the app to collect. For instance, an app with an A grade in PrivacyGrade is collecting an appropriate amount of data. Lower graded apps are collecting data solely for the purpose of selling that information to serve users advertising based on that data.

For business owners, keeping an eye on the apps downloaded to company-owned mobile devices is of utmost importance. Opening up access to sensitive information regarding your business immediately puts your company at risk.

Chicago IT consultant BKS Systems can act as an off-site IT department that will manage the security of all of your internal and external devices. We work with small to medium-sized business across the Chicago area, offering all-inclusive IT services, cloud based backups and storage, spam and virus filtering and monitoring, endpoint management and Microsoft Office 365 support. Contact us today to discuss how to keep all of your company’s data and information secure!