Pokémon Go is a new augmented reality game based on the Japanese children's franchise, using the phone's camera and location tracking to direct users to capture the game's cute lil' monsters. The game's incredible popularity since its release on July 6 seems poised for it to return Pokémon to its late '90s glory days as a world-conquering brand. But as millions of teens and their parents navigate their cities in flocks searching for Pidgies, questions have emerged about the data it collects from your phone and personal accounts, and what it's doing with that information.
TechCrunch discovered some tweets from security engineer Jason Strange, who pointed out the unusually high number of permissions Pokémon Go makes for accessing your information. Strange compared it to Ingress, another augmented reality game created by Niantic, the Google-owned company which developed Pokémon Go.
Any data on you held by Google is a potential goldmine in tailored advertising, and as we know from Edward Snowden's leaks, is also tracked by NSA's PRISM program, which taps directly into Google's servers.
The most immediate threat for Pokémon Go users is the danger of being hacked. Players who sign in to the game with their Google accounts are allowing Niantic full access to those profiles. And as Adam Reeve outlines on Tumblr, yes, that means they can read your email, browse your Google drive, essentially access any part of your life you use Google for. The most chilling part is that it's totally unnecessary: "[W]hen a developer sets up the 'Sign in with Google' functionality they specify what level of access they want - best practices (and simple logic) dictate you ask for the minimum you actually need, which is usually just simple contact information." Perhaps it's unlikely that a Niantic employee will steal your identity. But as high-profile hacks of Sony and Ashley Madison have shown, no company that claims to value your privacy and discretion is immune.
While you can block Niantic from accessing your Google account, Twitter users weren't happy with the prospect of giving them access in the first place.