Home of internet privacy

Pokémon, no! 9 privacy issues to consider when playing Pokémon Go

NOTE: This post was originally published on July 13, 2016

Within just a few days of its launch, Pokémon Go has gained more active users than Twitter, despite not being available in many places around the world. The app has tricked millions of people into going outside and playing with their smartphones, spawning countless tales of unlikely encounters; some heartwarming, others scary.

Pokemon Go is not the first augmented reality game, not even close to being the first massively multiplayer online game (MMO), and definitely not the first to combine the two genres on a mobile device. But somehow, we’re on the cusp of witnessing a new mass phenomenon, possibly even greater than that of World of Warcraft in 2004.

The developer behind Pokemon Go, Niantic, is not new to this market. Founded in 2010, they also developed the previously most popular augmented-reality-massively-multiplayer-online game, called Ingress, which was released in 2012. Ingress saw two teams of real people fight to control cities by capturing portals, power links, and supply lines, which were augmented into a map on your phone screen.

The same big players behind the same old data harvesting

Niantic is a spin-off division of Alphabet (formerly Google), and their development of Pokémon Go was announced in 2015, alongside a $30 million investment from Nintendo. With two big companies and a huge investment behind it, no wonder it is already such a massive success.

As soon as Pokémon Go was released, privacy concerns were raised. The application requests extensive access to your mobile phone, including camera, storage, GPS, Bluetooth, contacts, and, well, pretty much everything else.

Initially, the app even requested full access to your Google account, including permission to read your entire mail search history, send mail to others in your name, and view all the documents in your Google Drive. Niantic insists user data has not been accessed, and this is all just a big mistake, but it remains uncomfortable to see an app that can create such an accurate profile of where we are, who we are, and even trick us into filming our surroundings.

ExpressVPN won’t go as far as saying Pokémon Go is a dystopian government surveillance psyops conspiracy, but it will for sure have strong effects on even those that don’t use the app — perhaps because their home becomes an in-game ‘Poke-gym.’ And surely it’s only a matter of time until someone steps right in front of your car while trying to catch ‘em all.

Pokémon Go could be stealing your life (and other privacy concerns to consider)

  1. If you have already installed Pokémon Go, update it as soon as you can. This will fix some known issues that allow an attacker to gain access to your Google account.
  2. Don’t install Pokémon Go (or any other app!) from unknown sources simply because it is not available in your App or Play Store yet. These unknown sources often come with integrated malware that will spy on you, make expensive calls, or hold the data on your phone for ransom.
  3. You need a Google or Pokemon.com account to play. While it is generally safer to register separately rather than give the developers access to your Google account, you can always create a new account for purposes like this.
  4. The application always knows where you are. The app will keep a record of your location in the background, and there’s no telling how this information might leak out to your friends, your employer, or even those with malicious intent. Furthermore, Pokémon Go vows to “cooperate with law enforcement” in its terms of service, so you can be sure everything that can be used against you, will be used against you in a court of law.
  5. You are submitting a ton of content to web servers, including pictures from inside your house, and other private areas. ExpressVPN isn’t saying the app was created with bad intent, but if someone did want to create a draconian spying tool, this is the way to do it.
  6. The app has access to a lot of information on your phone. If you are able to play Pokémon Go on a separate, anonymous phone, then go for it. Keep your private pictures, contacts, and chats off your game-playing phone.
  7. Don’t let common sense leave you. Pokémon Go should not be an excuse to enter unsafe areas, so please continue to avoid highways, construction sites, or abandoned buildings — even if you find or suspect a rare Pokémon is hiding there.
  8. Be careful with sharing screenshots, especially those including maps. They can easily reveal your physical location and put you in danger.
  9. Take your friends with you on a Pokesearch. Having multiple people around you does not decrease your chances of catching a rare Pokémon, but when you’re with people you know you are less likely to wander into a lake, highway, a big hole with spikes in it, or get lost in an area you don’t know.

Have fun with your Pokémon, but stay careful

Augmented reality games sure are fun, and Pokémon Go is probably the largest massively multiplayer online game the world has ever seen, regarding the number of players. ExpressVPN is curious to see what new features and games will await us, and where this new technology will lead!