There Are Some Security Concerns About Pokemon GO

by Stephanie Casella

In the late 1990s, when I was in late elementary school and early middle school, Pokémon was my jam. I had a Game Boy and a Game Boy Pocket — the red version — and I always started my game with Bulbasaur, because I was fascinated by a cute animal with a plant growing from its back. Jump ahead to 2016, and I just watched my youngest brother — who's 21, not even a kid anymore — catch a Clefairy that was happily situated atop a chair in his bedroom. Pokémon has evolved (ha!) into an interactive game. But how secure is Pokémon GO, if users are putting their real-life information into a database that others can access? Bustle has reached out to Niantic, Inc. for comment. Update: Niantic, Inc. told Game Informer that Pokemon GO only accesses basic Google profile information (user ID and email address) and no other data, and that full access permission was an erroneous request. "Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access," Niantic said. "Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves."

The craziest part of all of this Poké fever is that the game only arrived on the scene five days ago, and it is already slated to surpass Twitter in popularity for Android users. Google search activity for the term "Pokemon" is at an all-time high — and the game and franchise have existed since 1996 . Basically, a lot of people are playing this game, which collects users' precise location, storage, and camera data in order to play. So who exactly can access this information?

Drew Angerer/Getty Images News/Getty Images

Niantic, Inc. is the company behind Pokémon Go and it reportedly has obtained the right not only to collect data from its users, but also to share that data with various third parties, according to Oregon Coast Daily News. And because the game uses a specialized map that is based on the users' geolocation, these requirements are essentially necessary to play the game.

The specific data used for iPhone and Android users is slightly different due to the phones' respective operating systems.


Should Niantic choose to monetize this data for advertising, it would obviously strive to collect as much user data as possible. At the moment, however, Niantic's intentions are unclear. According to Jason Hong, an associate professor at Carnegie Mellon University’s CyLab Security and Privacy Institute, should Pokemon GO choose to build its business through in-app purchases, it could actually prove safer for user privacy. However, if Niantic is ever sold, the user information can transfer to the new company.

Some additional concerns are that Niantic has the right to share non-identifying information with third parties "for research and analysis, demographic profiling, and other similar purposes." And the app has already proven helpful for crime, as one group of muggers reportedly used the game to lure unsuspecting Pokémon catchers into a trap. That said, law enforcement is already quite aware of the game and its features, even after so few days in circulation, and such awareness is quickly spreading to keep users safe.

Editor's note: This article has been updated from its original version.