Navigant's Cyber Risk and Information Security PracticeLearn More


Pokémon GO: Augmenting Privacy Concerns into Reality21 July 2016

Events, IT Security, Risk Management

Pokémon GO, like it or not, has spread across the globe. Chances are a coworker, friend, or family member is in the fray. With more users than Tinder and a larger daily user base than Twitter, the app has secured it’s spot in our social media. It is being credited with promoting physical activity through its interactive maps that integrate with real-world locations. It’s also bringing users together in real space with its PokéStops and Lures. This augmented reality creates a unique experience for users and will likely be a growing trend in games and other environments. While this new phenomenon may seem like all fun and games, there are some things to consider when protecting your privacy and security.

Increased reality begins to blur the lines between the physical and cyber worlds. Users and parents need to be aware of how their data is shared with others in this environment. Something you need to keep in mind if you decide to start your own quest to “catch ’em all” is the app’s request for access to your Gmail account. While there is a Nintendo-sponsored alternative, a Pokémon Trainer Club account, the account registration page has been down since the launch of Pokémon GO, resulting in millions of users granting access to their Gmail accounts.

Caution should be used when giving any app permission to access your data and usage. On an almost daily basis, all of us are routinely bombarded by requests to access our data — whether it’s linking an app to Facebook, Twitter, or Instagram or linking credit cards to apps — and many of us assume we can fully trust the requestor. In the case of the Pokémon app, Niantic requests for full access to your Google account data are unnecessary. Both iOS and Android provide the ability to revoke an app’s access, but doing so prevents you from continuing to play (which defeats the purpose if you’re trying to become the best Pokémon Master there ever was!). These and other security measures (for iPhone or Android) should be implemented, whether catching Pokémon or simply surfing the web on your mobile device.

Something you can do to help protect yourself on your adventure is to ensure you download and install only official apps from their respective app store. Searching for and installing cracked APIs from unknown and untrusted third parties is never recommended. There have already been reports of a cracked Pokémon GO API being used to spread malware on Android devices.

On your path to join #TeamValor, #TeamMystic, or (uhh. . .whatever the team yellow hashtag is), remember that you are giving access not only to your personal information, but also consenting to having your physical location tracked in near-real time while you have the app running.

Pokémon GO is a fun and unique experience, and I recommend everyone who’s been a fan of the franchise give it a try; but you must be cognizant of the permissions, security, and personal data you give to apps that seem harmless enough. Stay vigilant and be a part of #TeamCyber. (Again, no one likes team yellow.)

Matthew Corley /

Work With Us Learn How