Here's How You Can (Maybe) Stop Pokémon Go From Harvesting All Your Data

Kazuhiro Nogi / Getty Images

Pokémon Go is a new augmented reality game based on the Japanese children's franchise, using the phone's camera and location tracking to direct users to capture the game's cute lil' monsters. The game's incredible popularity since its release on July 6 seems poised for it to return Pokémon to its late '90s glory days as a world-conquering brand. But as millions of teens and their parents navigate their cities in flocks searching for Pidgies, questions have emerged about the data it collects from your phone and personal accounts, and what it's doing with that information.

TechCrunch discovered some tweets from security engineer Jason Strange, who pointed out the unusually high number of permissions Pokémon Go makes for accessing your information. Strange compared it to Ingress, another augmented reality game created by Niantic, the Google-owned company which developed Pokémon Go.

@Viss @da_667 this plus "camera", just enough to remind me not to install it :) pic.twitter.com/dGNhKpjDxj
— dade (@0xdade) July 11, 2016

@openfly @Viss @da_667 without camera it has nearly identical permissions to Ingress. Heh. At least pokemon doesn't run at startup (yet)
— dade (@0xdade) July 11, 2016

Any data on you held by Google is a potential goldmine in tailored advertising, and as we know from Edward Snowden's leaks, is also tracked by NSA's PRISM program, which taps directly into Google's servers.

The most immediate threat for Pokémon Go users is the danger of being hacked. Players who sign in to the game with their Google accounts are allowing Niantic full access to those profiles. And as Adam Reeve outlines on Tumblr, yes, that means they can read your email, browse your Google drive, essentially access any part of your life you use Google for. The most chilling part is that it's totally unnecessary: "[W]hen a developer sets up the 'Sign in with Google' functionality they specify what level of access they want - best practices (and simple logic) dictate you ask for the minimum you actually need, which is usually just simple contact information." Perhaps it's unlikely that a Niantic employee will steal your identity. But as high-profile hacks of Sony and Ashley Madison have shown, no company that claims to value your privacy and discretion is immune.

While you can block Niantic from accessing your Google account, Twitter users weren't happy with the prospect of giving them access in the first place.

if I weren't so genuinely in to Pokemon this might cause me concern but hey not me https://t.co/VF1IMceW8y
— el-p (@therealelp) July 11, 2016

weird thing abt PokemonGo getting full goog account access is that iOS showed no permission dialog. goog should just revoke their app tokens
— yan (@bcrypt) July 11, 2016

*Puts on tinfoil hat*

Pokemon Go has full access to your Google account information unless you go in to Google and restrict it.
— John F. Hennessy (@Flames_Baldwin) July 11, 2016

can i get the pokemon go people to copyedit my google drive docs because that would be worth it tbh
— RUSS BENGT$ON (@russbengtson) July 11, 2016

Sorry Team Blue, I had to restart Pokemon GO because Google login grants "Full Access" because we live in a garbage surveillance state.
— Erik Hinton (@erikhinton) July 11, 2016

Update, 7/12/16: Niantic has issued a statement to Polygon about Pokemon Go's access to user information, and Reeve's Tumblr post has been challenged by cybersecurity experts.

Here's How You Can (Maybe) Stop Pokémon Go From Harvesting All Your Data

Update: The game’s developer claims an “error” gave them access to accounts.

Recommended