Skip Tags

Popular Tags

Decorative icon

The Resource Center Online Security Issues & Protection The Resource Center | article

Are Pokémon GO Players Risking Identity Theft?

Pokémon GO is one of the biggest mobile games in the world, but players may be at risk for identity theft.

Are you ready to catch ’em all? Last week, software developer Niantic released Pokémon GO, an all-new mobile installment of the long-running Nintendo franchise. If you spent most of the late ’90s hunched over your Game Boy in pursuit of these little pocket monsters, you’ll definitely want to check out this app, which allows players to hunt Pokémon in the real world – all thanks to the magic of augmented reality.

Pokémon GO uses your smartphone’s built-in GPS and camera to create the illusion of virtual Pokémon appearing throughout your environment as you walk about. Using detailed map data, the game encourages players to visit real landmarks to find hidden creatures and items. So far, it’s been remarkably popular. Tech Crunch reported that the game has already been downloaded 7.5 million times in the U.S., and the analytics firm Similar Web found that it may soon have more daily active users on the Android platform than Twitter.

But while it’s fine to hunt down Pokémon while exploring your neighborhood at the same time, players need to think about what they may be giving up to enjoy this free app. Recent reports show that Niantic may be collecting a significant amount of personal information, and its large player base may be facing serious security risks.

Gotta share ’em all

Pokémon GO is not shy about asking its users for access to their devices. On Android, the app will ask to see your location, contacts and SD card information, according to The Daily Beast. In fact, the game will only work if you have a stable internet connection and GPS signal, meaning that it knows where you are as long as the app is running.

Android users are prompted to accept a list of security permissions before installing the game, including full information that Pokémon Go may have access to "accounts on the device" and "full network access," according to Polygon.

On Apple devices, the game appears to have gone even further. All players are given the option to sign in to the app through their Google accounts, which sounds convenient but may lead to some big problems. Polygon reported that this grants the game “full account access,” meaning that Niantic may theoretically see everything from your email communication to your Google Map data. On iOS, at least, it is not possible for users to edit these permissions.

Gotta hack ’em all

Given how popular Pokémon GO has been, it is not out of the question to imagine that hackers may attempt to steal this mass of data any way they can.

“When they hit 25 to 20 million records, they’re going to be breached, and they’re at 10 million right now,” Gary Miliefsky, former advisor to the U.S. Department of Homeland Security and current CEO of cybersecurity firm SnoopWall, told The Daily Beast.

Even if Niantic keeps its servers secure, the company’s privacy policy still provides many avenues by which it may disseminate your data. The policy states that Niantic may share information with law enforcement or sell it to third parties. Users will likely not be notified, and there is no way of telling whether this information will remain secure once it changes hands.

Be prepared

The technology that powers Pokémon GO is impressive, but it is made possible by systems that will demand to learn about you and your movements. If you still want to see what all the fuss over this game is about, you should also keep a careful eye on your personal information so it cannot be used to commit identity theft.

An identity theft protection service like Identity Guard can help by monitoring your credit, Social Security Number and public records. Our service will alert you to certain activity in your credit files that could be indicative of fraud, allowing you to take action.