Pokemon GO – a gold mine for some, a minefield for others

Written by on August 2, 2016 in Guest Blog with 0 Comments

anti tank minesIt’s no secret that most of what you do on the internet is already being tracked by your search engine, your apps, your devices, your car and even security agencies if you come up on their radar for any reason.

All that data is processed and either used or sold to third parties that want to know more about you so they can determine what they can promote and sell to you.

Google was the master agency for this type of data tracking and collection but there were a few missing pieces in their jigsaw that prevented them from getting the full picture.

Don’t for a moment think that Google Maps, that brilliant ‘free’ service we all use, was meant as a service for humanity. Anything free these days is bound to have some hidden agenda. GoogleMaps added the ability to track your whereabouts via your mobile device and suggest things that you might be interested in that were close to you.

But smart people don’t always have Google Maps running or give it permission to access GPS data or the device camera when it is not running.

It should be no surprise them that Google would invest in something that filled those gaps without anyone probably noticing or caring about. Something that was fun to do, even addictive. How about a game?

The former internal Google startup Niantic is the force behind the world’s greatest craze – a new augmented reality game that encourages players to go out in public, visit landmarks, and collect cartoon monsters.

You know it as Pokemon GO, but maybe it should be renamed Pokemon GOld Mine because the value of the data it is collecting about you is worth billions.

When Google debuted a Pokemon ad on April Fools’ Day, most people thought it was just a joke. Maybe the joke is now on us? According to Forbes, the game is already close to surpassing Twitter in the number of daily active users on Android—and it was only released on July 6th.

On Android devices, for example, the application asks for access to the user’s camera, contacts, GPS location, and SD card contents. The sign-up process also asks for a date of birth. Although other popular games can make big asks when it comes to device permissions, Pokemon GO requires an active Wi-Fi or GPS signal at all times in order to play. In other words, it has to know who you are, who your friends are and where you are.

Each of these users is providing Niantic with a wealth of information about their location and with aspiring Pokemon trainers signing up in record numbers, sources claim that Niantic’s database of personal data has become a ripe target for hackers, criminals, and corporations, practically overnight.

In addition, Niantic’s Privacy Policy gives the company wide latitude for using this information. Niantic can hand personally-identifiable information (PII) over to law enforcement, sell it off, share it with third parties, and even store it in foreign countries with lax privacy legislation.

It’s unclear exactly where Niantic might be sending your data, and the company has so far offered very few details on how or where it plans to store the huge data trove.

Niantic did not immediately respond to a request for comment from ‘The Daily Beast’ on the potential security and privacy risks associated with Pokemon GO. The company promises in its Privacy Policy that it is taking “appropriate administrative, physical, and electronic measures designed to protect the information.” But hackers have increasingly been targeting large databases of this type – and successfully exploiting them.

The Daily Beast also points out that the data, it turns out, may not even be hosted in the United States. The Privacy Policy states that it “may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction.” And although Niantic promises to be taking “appropriate” protective measures, it concedes in its Privacy Policy that it “cannot guarantee the absolute security of any information.”

Hackers could make a profit by selling Pokemon catchers’ data on the black market or to foreign governments. There’s also the risk for credit card fraud—Pokémon GO uses in-app transactions—as well as identity theft and fake insurance claims.

As TechCrunch reported, it would be “prudent to expect some of your [aggregated] location data to end up in Google’s hands” given the closeness of the relationship but Niantic did not confirm this possibility

Perhaps most worrisome, criminals could also have a vested interest in the information they can glean from simply using Pokemon. For example, nine people in Missouri have already reportedly been robbed at gunpoint after visiting specific in-game locations, as Gizmodo reported. Pokemon Go encourages users to collect items at real-world locations known as PokeStops, allowing criminals to anticipate places where players are likely to gather.

Based on all of this, Pokemon GO could well become the most coveted target for data criminals, hackers and fraudsters and the potential for revenue leakage and theft not only at game level but also at network and personal user level. If Niantic is unsure of how to protect its gamers perhaps network operators could offer their extensive expertise and systems to protect part or all of the chain.

PS Good advice would be not to chase Pokemon characters near any minefield!

Tags: ,

About the Author

About the Author: Rui is CEO and co-founder of WeDo Technologies, as well as COO of Sonae Information Systems (SSI). He is a member of the Executive Committee of Bizdirect, Mainroad and Saphety, SS Sonae Shared Services and, more recently, S21Sec, which is based in Spain. .


If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.