By Emily Rushton, communications specialist, University Information Technology
Pokémon Go is all fun and games…or is it?
Before you download the popular augmented reality game that’s taking the internet by storm, take a step back and consider the security risks.
“Whether you’re running it on iPhone or Android, the application requests quite a lot of permissions to your phone,” said Corey Roach, enterprise security manager for the U’s Information Security Office, or ISO.
This includes access to your phone’s camera, contacts, GPS, storage and network activity. The app also tracks, stores and in some cases, shares your location – a feature necessary to play the game, but one that causes privacy concerns.
Unfortunately, Pokémon Go isn’t the only app to do this. Many of the mobile apps you use on a daily basis also require extensive access to your phone.
“This is not unique or new,” said Roach. If you’re playing a game you’ve downloaded for free, he said, “That company is making money on your information. That’s how they make their money, so they are, of course, collecting as much as they can.”
Initially, users who created their Pokémon Go accounts using their Google account information granted the app full access to all data within their Google account (things like your calendar, email, contacts, and documents). Due to the extreme privacy concerns this caused, an update was released to ensure the app only collects basic Google profile information (user ID and email address) and nothing more.
Roach recommended users log in and check their Google app permission settings.
“It will show not only your Pokémon application, but also all of the other applications that you’ve allowed to do the same types of things,” said Roach.
Of course, users simply aren’t going to stop playing games – but it’s important to know the security and privacy risks before you play.
“There’s not really a way to play these games safely,” said Roach. “In order to play, you’re paying with your privacy. That’s the agreement you’re making.”