Pokémon GO is Pokémon Grabbing your data

If you haven't been living under a rock then you already know about Pokémon GO the oh-so-addicting game that takes gaming outside. There are already "think pieces" written about it. Dead bodies have been discovered by people getting out to "Catch 'em all." Now some people have discovered that like most apps, Pokémon GO wants to catch all your data, too.

First let me give you a brief history of the company being Pokémon GO. Niantic, INC, the company inside a company (google) had success with it's previous data gathering scheme masquerading as a GPS-based hunting game called Ingress, a sort of capture the flag game in which landmarks, post offices and public art were all designated green and blue portals that could be reversed by the opposing team taking it. The problem with that game (and I speak from experience as I played it for more than a year) was two-fold.

First, I couldn't help but feel upset that in the back of my mind I knew I was willingly allowing Niantic and by extension google to track my every move. And remember the adage: if it's free, you're the product, so make no mistake if they aren't using that data know they will be soon.

Second, the game was frustrating not because of the game play but because of the players. One need only google "reddit ingress cheaters," to see how many results you get. Having reported repeat cheaters in my area I quickly realized Niantic was extremely slow to deal with this issue, or they're just too busy/overwhelmed to care. Once they started with micro-transactions, I quit once and for all. I figure if I'm willingly allowing you to track my every move, providing you with rich data that you can use in any way from where I spend my time, to how to improve maps, I don't owe you anything else.

And while Pokémon GO doesn't have micro-transactions yet, I won't be surprised when they do. What is more currently troubling is the news that when you decide to play Pokémon Go, you are giving Niantic and Nintendo access to your Google account,
and collecting info.

According to Popular Science:

who signed up for Pokémon GO with a Google account (the other option, a Pokémon.com account, is unavailable right now) has perhaps unknowingly given Nintendo and developer Niantic (formerly owned by Google, but still part of Google's investment portfolio) full account access. That means they can see/edit/collect just about anything related to your Google account. Emails, photos, documents, all of your past location and search history: it can see all of this stuff, from even before you started using the app. It can also send emails as you—kind of the number one, red flag, alarm bell hacker opportunity in the digital world, aside from banking.

By the way this affects players on Android as well as iOS. The problem stemmed from the fact Niantic wasn't being clear about what data they could access, and therefore people were signing up willy nilly eager to catch the wave. And it was only until after they signed up did they realize the implications. There's not really an easily solution to this issue at the moment. As The Guardian points out. "Users can choose to deny the app permission to access their Google accounts – although this means no longer playing the game." And even worse: It’s not the only security risk for Pokémon fans. Security researchers at Proofpoint have spotted a malicious version of the Pokémon Go Android app that has been infected with a remote access tool that gives attackers full control over the victim’s phone."

Isn't it funny how many Big Tech companies that offer free stuff constantly make such mistakes like this. It's almost like they do this on purpose to see what they can get away with and then can of course fix the issue--after everyone has already given them access for a specific time. What? Too cynical?

By the way-- just like Niantic's other game Ingress, Pokémon Go already has its share of cheaters. Go Grab 'Em All!

Note: I am aware you can circumvent this entire thing by setting up a whole new google account to sign on for the first time or delete all your progress and start again. If you don't think that's a hassle then be my guest.

Adland® is supported by your donations alone. You can help us out by buying us a Ko-Fi coffee.
Anonymous Adgrunt's picture
comment_node_story
Files must be less than 1 MB.
Allowed file types: jpg jpeg gif png wav avi mpeg mpg mov rm flv wmv 3gp mp4 m4v.
Dabitch's picture

Like I said when Google launched Ingress, you are their digital serf. I wouldn't download Pokemon Go to any device.

fairuse's picture

I told some folks it was a data mining scheme day one. I read about the google account access 'bout the time security tweets popped up. I don't know why the general public, who should know better by now, fall for these marketing/advertising schemes. Right, the implied 'trust us' has worked since snake oil sales.

Over and out. "You Pokymans get off my lawn!", said Uncle while waving an empty whiskey bottle. (SFx: breaking glass)

kidsleepy's picture

People who should know better by now don't know because OOOOOH LOOK, A SHINY OBJECT

Dabitch's picture

Recode reports that Niantic Labs didn't intend to spy on users Google accounts.

We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.

Dabitch's picture

The people who should know better are Niantic labs, they've had several years of experience after creating Ingress, how could they make a "mistake" like this?