We have seen popular mobile games such as Angry Birds, Candy Crush and Temple Run acquire cult status, but none of them can equal the global frenzy created by Nintendo’s new mobile game Pokémon Go. Within a week of its release, the game was downloaded 7.5 million times in the US alone. The fact that the game is officially available only in US, Australia and New Zealand hasn’t deterred people in other countries from downloading and installing the APK (android application package) file from random links, to enjoy the game.

Also read: Pokémon Go: The cultural phenomenon has made a comeback

The privacy concern

Some anti-virus companies have raised concerns over privacy and security risk of the game.

US-based Trend Micro pointed out that game developer, Niantic Labs can read emails of users who sign up in the game with their Google account. Trend Micro’s suspicions were based on the game’s asking for full access to Google accounts at the time of installation. A Finnish antivirus company F-Secure thinks differently and is of the opinion that the entire privacy concern has been exaggerated.

F-Secure’s security advisor Sean Sullivan points out that having full access doesn’t mean Niantic Labs can read, send or delete your emails. The permission has more to do with Google’s settings. It means instead of mentioning every permission the game needs, Ninatic has opted for an older model and so, Google identifies its permission request as full access to warn users.

Sign-in using existing credentials is used by a number of apps and games to speed up the process. Sullivan adds that collecting email, IP address, username and location is a common practice and is typical of most apps.

F-Secure suggests that users who are still sceptical about this can create a separate Google account which isn’t connected to their personal Gmail account and use that to sign up in the game.

Concern over fake and bugged versions

The fact that it has become global phenomenon even though it is available in only three countries, suggests rampant downloading of pirated app installation files. This holds numerous risks, since such apps have not been verified by any reliable source and can bugged with malicious software. This allows them to play the game but at the risk of compromising their entire personal data. Apps on Google Play Store are often released within days or weeks after debuting in US. Researchers at Proofpoint found a modified version of the game’s APK with a malicious remote control access code called Droidjack which can hijack and take control over an infected phone. (Read more here)

A number of spin-offs and lookalikes have also surfaced on the Play Store. Though these games are available on the official store, knowing Google Play Store’s sometimes lax verifications standards, it is better to avoid them.

What is Niantic Labs doing about it?

Meanwhile, Niantic Labs has announced that Google will soon reduce Pokémon Go’s full access permission to basic access and has asked users to not take any actions themselves.

In an official post on its support page, Niantic Labs refuted the concerns and assured users that no personal information had been accessed by them except information such as user ID and email address of the user. (Read more here)

Close