Is Pokémon Go a huge security vulnerability for your business?

This probably isn’t what Nintendo Ltd. had in mind when its marketing wizards created Pokémon’s slogan, “Gotta catch ’em all.”

The celebrated video game developer and publisher, which has risen in market value by $9 billion USD since releasing Pokémon Go, the smartphone-based, augmented reality take on its popular franchise, found itself in hot water this week over concerns the game might allow its developer, former Google subsidiary Niantic Inc., to collect all of a player’s Google account data.

The controversy began when New York City-based mobile systems architect Adam Reeve posted on his Tumblr that the game was forcing players to give it “full access” to their Google accounts.

“Let me be clear – Pokemon Go and Niantic can now: read all your email; send email as you; access all your Google drive documents (including deleting them); look at your search history and your Maps navigation history; access any private photos you may store in Google Photos; and a whole lot more,” Reeve wrote on July 8.

As the article gained traction, Niantic itself released a statement assuring users that the company was not, in fact, capturing all of their information with the zeal of a Pokémon trainer hunting Mewtwo:

Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address),” Niantic said, according to Gawker-owned technology blog Gizmodo. “Google has verified that no other information has been received or accessed by Pokémon Go or Niantic.”

While Reeve himself later backed down on his claims in an interview with Gizmodo (and on his own Tumblr), mobile games such as Pokémon Go still represent a potential security risk for companies that use Google as their e-mail server, or whose employees log into the games using their company accounts.

(That Niantic itself is led by a former CIA employee also appears to have been largely unexplored.)

Fortunately, ensuring a mobile game has minimal access to your Google account information requires only three steps:

  1. Head to your Google security page and look for Pokémon Go (or whichever game you’re concerned about).
  2. Select the game’s title and click “Remove” to revoke full access.
  3. Launch the game on your device to confirm it still works.

While it briefly appeared to present a security risk for its players (and was, in the depressing case of at least nine robbery victims), Pokémon Go has provided players and companies alike with a number of benefits too: it accidentally appears to be one of the most effective fitness apps on the market, and several of the real-life businesses that it’s sent players to have seen a revenue boost.

The game isn’t officially available in Canada yet, though many people are downloading it anyway by changing some of the regional settings on their smartphones.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Eric Emin Wood
Eric Emin Wood
Former editor of ITBusiness.ca turned consultant with public relations firm Porter Novelli. When not writing for the tech industry enjoys photography, movies, travelling, the Oxford comma, and will talk your ear off about animation if you give him an opening.

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.