Pokémon GO is a new mobile game that has recently exploded since its July 6 release. It's an augmented reality game that incorporates real-time location tracking and camera function. Since its release it's been estimated to have already been downloaded more than 75 million times worldwide and growing exponentially, already evident by the mass crowds the game can gather at different locations worldwide.
With required permissions for location, camera, contacts and storage, some concerns about whether or not Pokémon GO is secure have been raised. Concerns like these are raised every time a new app gains considerable popularity over a short period of time, but Pokémon GO has become one of the biggest apps to have been released in North America. So what are the concerns about Pokémon GO and is it time to talk about solutions or just raise hue and cry about personal privacy issues for no good reason?
The concern about Pokémon GO is regarding the user's digital identity. A digital identity is the information available online connected to an individual. This can be usernames, medical records, or any other digital trails a person can leave online. One such example would be that Pokémon GO requests full access to your Google+ profile, one of only two ways to log into the game. Since launch, Google has blocked some access and now you can even play the game without a Google account (by joining using Pokémon Trainer Club).
Your Google+ profile has as much or as little information as you desire, however it usually contains your name, date of birth and your social connections. But at the same time you can create a dummy Google account linked to your main account only to play for Pokémon GO which solves some of the privacy concerns. So is there legitimacy to the concern to your digital identity?
Niantic, the company behind the development of the game, says that the request for full access is an error.
Their statement also said:
However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic.
All this said, Pokémon GO is a very new app with a sudden and enormous following. While the error is being fixed, it may do well to take some precautions like using a dummy Google account or using Trainer Club or to avoid using the app on devices that are linked to sensitive information.
The app does require a constant connection to your GPS and to the internet while the game is open. This is a feature of the game because it allows for the real-time aspect, and the ability to interact with other players in your area. Because of this constant connection and the youth of the app itself, this does still raise the concern of the potential for ill-intentioned players intent on exploiting any security flaws. "Similar fears were raised when Uber and AirBnB and other social connected apps were achieving high growth and followers and new disruptive concepts in healthcare like YourDoctors.online.
If your device contains sensitive or confidential information, it may be worth waiting. With any app, many security fixes are made after its release as they encounter new hacking techniques and security issues - the current version of Pokémon GO is already more secure than pre-launch versions. If you choose to use the app on a personal device, remember to avoid connecting it to your personal or company WiFi. Mobile operators have a very secure network with built in firewalls etc., so you may choose to play on the wireless network mostly.
"Poorly built privacy permissions for applications could put an individual's identity at risk. The average cost of recovering from identity theft is upwards of $20,000 with almost 50% people admitting that if their identity was stolen they would not have the means to manage the recovery process. The good news is that the popularity of Pokémon GO has made millions of wireless users more aware of their privacy settings and the concept of managing their digital identity, which will drive the demand for more robust and secure apps in the future,"
says Sachin Mahajan, board member of a Toronto based startup Qnixit.