To play it, you have to give up your most private information. It’s only a matter of time, experts say, before that data is in hackers’ hands
While you’re out collecting Pokemon on your phone this week, a Google spinoff company will be busy collecting data about you.
Over the course of just a few days, the former internal Google startup Niantic has acquired a gold mine of personal information through its smartphone application Pokemon Go, a new augmented reality game which encourages players to go out in public, visit landmarks, and collect cartoon monsters.
According to Forbes, the game is already close to surpassing Twitter in the number of daily active users on Android—and it was only released on July 6th.
Each of these users is providing Niantic with a wealth of information about their location. And with aspiring Pokemon trainers signing up in record numbers, sources tell The Daily Beast that Niantic’s database of personal data has become a ripe target for hackers, criminals, and corporations, practically overnight.
“When they hit 25 to 20 million records, they’re going to be breached, and they’re at 10 million right now,” said Gary Miliefsky, who advised the U.S. Department of Homeland Security in the early 2000s and is currently the CEO of the cybersecurity firm SnoopWall.
Pokemon Go collects a vast amount of information from its users. On Android devices, for example, the application asks for access to the user’s camera, contacts, GPS location, and SD card contents. The sign-up process also asks for a date of birth. Although other popular games can make big asks when it comes to device permissions, Pokemon Go requires an active WiFi or GPS signal at all times in order to play. In other words, it has to know who you are.