Pokemon game raises security concerns

A Pokemon is caught at Yokota Air Base in western Tokyo, Monday, July 11, 2016. Pokemon Go, a new augmented-reality smartphone game layered over the physical world, sends players to real-life locations to capture virtual pocket monsters, or Pokemon.


By KATIE WEDELL | Dayton Daily News, Ohio | Published: July 13, 2016

DAYTON, Ohio (Tribune News Service) — The wildly popular Pokémon Go smartphone app, in which players move around in the real world in order to catch virtual “pocket monsters,” has created safety and security concerns in both the real and cyber universes.

It’s even caused some players to try to get through the gates at Wright-Patterson Air Force Base, because virtual places in the game are superimposed over real places.

“They have not been allowed access nor will we allow access to the installation without credentials,” Wright-Patt spokesman Daryl Mayer said.

Other concerns about the the game’s “augmented reality” include distracted players trespassing on private property or wandering into dangerous situations while looking for pokéstops and gyms — places where gamers can collect needed items and train their Pokémon.

The game’s developer also has had to respond to concerns about its access to user Google accounts.

Developer Niantic doesn’t allow players to just create a username to play. Instead, users must sign in with an existing account from one of two services — Pokémon.com or Google.

With the huge popularity of the game, however, the Pokémon website isn’t processing new accounts.

“Pretty much you had to use your Google account,” said Nick Paras, CEO of cyber security firm Alpha Computing Solutions in Florida. That gave Niantic full access to accounts, something most other games don’t require.

Full access means Niantic can read your email, send email as you, access your documents on Google Drive, and look at your search and map navigation histories.

Google settings actually warn users against granting full access, saying it “should only be granted to applications you fully trust.”

Protecting data

Niantic is working on a fix to correct what it called an error in requesting access.

“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account,” the company said in a statement Monday.

Niantic is only seeking basic information like the user’s email address and is working with Google to reduce the app’s permission to require only basic profile data, its statement said.

As of Tuesday afternoon, signing in still granted full access. When asked when the switch to basic access would be made, a Google communications representative provided a link to a support page that explains full access.

Cyber security experts said it’s not unusual for an app to collect as much information about users as possible so they can sell that data to marketers.

“If you’re not paying for it, you’re the product,” said David Salisbury, professor of information systems at the University of Dayton.

Users should look for requests that seem unnecessary for the app to function, Paras said, like a flashlight app that requests location data.

“There’s absolutely no need for that,” he said, so reading each privacy policy is key.

Pokémon Go’s policy says it collects information such as email addresses, date of birth, IP address, browser type, the web page a user was visiting before accessing the game and more.

The game also collects and stores location information from the player’s GPS while they use the app.

That’s typical of location-based apps, Salisbury said, because companies want to sell you products based on where you go.

Some local players said they’re OK with the full Google access because it’s worth it to play.

“It’s kind of an invasion of privacy but as long as they don’t give my information out to anybody I don’t see an issue with it,” said Griffin Goetz, 18, of Centerville.

Personal safety

Players said the game isn’t dangerous as long as people use common sense.

“I walked a lot with a friend,” said Leslie Klein of West Chester who was playing at The Greene on Tuesday. “You just kinda have to watch what you’re doing. Whether your nose is in your phone or not.”

Both Dayton Children’s Hospital and Springfield Regional Medical Center said they haven’t seen anyone coming in with injuries specifically from playing this game. But experts at the children’s hospital said with the popularity of the game it’s only a matter of time.

“People are looking down at their phone and crossing the street and not paying attention,” said Jessica Saunders, director of the hospital’s Center for Child Health and Wellness. “We’ve seen an increase in pedestrian and car accidents because of distractions and playing this game is certainly a distraction.”

The best thing parents can to is to understand how the game works, she said.

“It’s a great opportunity if kids actually play with their parents,” Saunders said. And there are positives to a game that is getting people out walking, she said.

Staff writer Hunter Williams contributed to this story.

©2016 the Dayton Daily News (Dayton, Ohio)
Visit the Dayton Daily News (Dayton, Ohio) at www.daytondailynews.com
Distributed by Tribune Content Agency, LLC.

from around the web