The wildly popular Pokémon Go smartphone app, in which players move around in the real world in order to catch virtual “pocket monsters,” has created safety and security concerns in both the real and cyber universes.
With virtual places in the game superimposed over real places, it is also causing issues of people trespassing on private property or accessing public areas, like local parks, at times when visitors are not permitted.
Other concerns about the the game’s “augmented reality” include distracted players trespassing on private property or wandering into dangerous situations while looking for pokéstops and gyms — places where gamers can collect needed items and train their Pokémon.
The game’s developer also has had to respond to concerns about its access to user Google accounts.
Developer Niantic doesn’t allow players to just create a username to play. Instead, users must sign in with an existing account from one of two services — Pokémon.com or Google.
With the huge popularity of the game, however, the Pokémon website isn’t processing new accounts.
“Pretty much you had to use your Google account,” said Nick Paras, CEO of cyber security firm Alpha Computing Solutions in Florida. That originally gave Niantic full access to accounts, something most other games don’t require.
Full access means Niantic can read your email, send email as you, access your documents on Google Drive, and look at your search and map navigation histories.
Google settings actually warn users against granting full access, saying it “should only be granted to applications you fully trust.”
Several news sources are reporting Pokémon Go creator Niantic has pushed through an iOS app update that corrects the full access error.
With the update, Niantic is only requesting access to basic account information, such as a user’s name and Gmail address.
The Wall Street Journal reports that iPhone users should log out of the app and download the update. Then, log back in with their Google account to see the scaled-back permissions.
The app’s authorization under Google settings should say, “Has access to basic account info.”
Cyber security experts said it’s not unusual for an app to collect as much information about users as possible so they can sell that data to marketers.
“If you’re not paying for it, you’re the product,” said David Salisbury, professor of information systems at the University of Dayton.
Users should look for requests that seem unnecessary for the app to function, Paras said, like a flashlight app that requests location data.
Pokémon Go’s policy says it collects information such as email addresses, date of birth, IP address, browser type, the web page a user was visiting before accessing the game and more.
The game also collects and stores location information from the player’s GPS while they use the app.
That’s typical of location-based apps, Salisbury said, because companies want to sell you products based on where you go.
Some local players said they’re OK with the full Google access because it’s worth it to play.
“It’s kind of an invasion of privacy but as long as they don’t give my information out to anybody I don’t see an issue with it,” said Griffin Goetz, 18.
Players said the game isn’t dangerous as long as people use common sense.
“I walked a lot with a friend,” said Leslie Klein, of West Chester, who was playing at a Dayton area shopping center Tuesday. “You just kinda have to watch what you’re doing. Whether your nose is in your phone or not.”