POKÉMON GO: SECURITY RISKS

By Emily Rushton, communications specialist, University Information Technology

Pokémon Go is all fun and games…or is it?

Before you download the popular augmented reality game that’s taking the internet by storm, take a step back and consider the security risks.

“Whether you’re running it on iPhone or Android, the application requests quite a lot of permissions to your phone,” said Corey Roach, enterprise security manager for the U’s Information Security Office, or ISO.

pokemon

This includes access to your phone’s camera, contacts, GPS, storage and network activity. The app also tracks, stores and in some cases, shares your location – a feature necessary to play the game, but one that causes privacy concerns.

Unfortunately, Pokémon Go isn’t the only app to do this. Many of the mobile apps you use on a daily basis also require extensive access to your phone.

“This is not unique or new,” said Roach. If you’re playing a game you’ve downloaded for free, he said, “That company is making money on your information. That’s how they make their money, so they are, of course, collecting as much as they can.”

Users are strongly encouraged to read an app’s privacy policy before downloading and using the app. You may be surprised at just how many permissions you need to grant an app just to use it, such as in the case of the popular fitness app, MyFitnessPal, which requires a surprising amount of access to things like your contacts, precise location, phone status, photos and videos, storage, camera, device ID and more.

Initially, users who created their Pokémon Go accounts using their Google account information granted the app full access to all data within their Google account (things like your calendar, email, contacts, and documents). Due to the extreme privacy concerns this caused, an update was released to ensure the app only collects basic Google profile information (user ID and email address) and nothing more.

Roach recommended users log in and check their Google app permission settings.

“It will show not only your Pokémon application, but also all of the other applications that you’ve allowed to do the same types of things,” said Roach.

Of course, users simply aren’t going to stop playing games – but it’s important to know the security and privacy risks before you play.

“There’s not really a way to play these games safely,” said Roach. “In order to play, you’re paying with your privacy. That’s the agreement you’re making.”