Tag Archives: Pokemon

Pokémon GO: The One Serious Problem Everyone Should Worry About

Posted on August 9, 2016 | Leave a comment

Pokemon_Play

Unless you’ve been living under a Snorlax, you’ve probably heard about the wildly popular new augmented reality game, Pokémon Go.

The game uses your smartphone’s camera, GPS, and position sensors to tell the game what to display and where, creating the illusion that cute little cartoon “pocket monsters” are standing in your living room, on the sidewalk outside, or in the park nearby. You grab free Pokéballs (to catch the critters, naturally) at local sites of historical interest. And businesses can purchase Pokémon “lures” as advertising to draw imaginary monsters and real fans to their physical location.

It’s a digital world overlayed over the real world, and it’s insanely popular. As of the writing of this article, reports said it had already been downloaded 7.5 million times.

But the way the phone works requires data — and lots of it — and problems have arisen with what the app collects, and what the company is doing with it.

News began to percolate that the game required full access to your Google account when you sign in.  Full access allows the app — and the company — to “see and modify nearly all information in your Google Account,” according to Google’s My Account privacy controls. It doesn’t have access to passwords or payment information, but it can read your emails, see what you’ve been searching, and more.

The company, Niantic, said the request was a mistake and has reportedly changed the access requirement in updates to the game. But the question remains: Why did so many users give a game designed for 10-year-olds full access to everything Google knows about them?

It’s just one example of a systemic problem: We give away our data far too easily.

Especially with apps, where we download something for free and want to start using it quickly, people never read the lengthy terms of service agreements they’re happily agreeing to, and don’t understand the full extent of the information they’re voluntarily giving away.

Pokémon Go, for example uses your phone’s location, your IP address, and the webpage you most recently visited before playing, all connected with your real name and account information, according to the game’s privacy policy.

It uses a Google map and your real-world GPS location to direct you to Pokémon you can catch. But that information can be misused. Already, stories are circulating of criminals targeting Pokémon players for robberies, and a man who claims he was dumped after his girlfriend discovered he was cheating by looking at his game history — and these are just people exploiting the nature of the game, not hacking anyone’s data.

Last year, music service Spotify got into trouble with an overreaching data policy that wanted to access users’ photos, contact lists, and media files. The company clarified soon after that users would have to opt-in to these features, but the damage was done.

By default, Windows 10 also came with a Big Brother-esque so-called “privacy” policy that granted Microsoft the right to read your emails, “other private communications or files in private folders,” use your bandwidth for their own purposes, and profile your computer usage. Users can opt-out of many of these Orwellian surveillance schemes, but the question is how many people will go to the trouble of doing so?

The problems I see exemplified by this most recent outrage over the Pokémon Go app — and others like it — are twofold:

First, companies are in a land-grab to collect as much data as possible about their customers against current and potential future use scenarios when it will become valuable. Most are taking the road of forcing savvy users to opt-out of this data collection, rather than allowing them to opt-in as program features require the information.

Second, and perhaps more importantly, users are blissfully ignorant about the privacy they’re giving up every time they click the “accept” button on a new app or program. As a whole, we do not educate ourselves, nor even concern ourselves with the information we’re giving away. Not until some interested computer scientist, journalist, or hacker discovers the distasteful truth is there any kind of outcry.

We need to be more educated and more cautious with our privacy unless and until companies come around to more common-sense policies and best practices when it comes to what they collect of our data and how they use it.
Know who has access to your data !!

Leave a comment

Posted in Big Data, Cyber Security, Security

Tagged ,

Pokémon GO: Safe to Download or Not?

Posted on July 14, 2016 | Leave a comment

PokemonThe newest game craze to sweep the nation is Pokémon GO. The popular game, created by Silicon Valley’s Niantic Labs, uses your phone’s GPS to detect where you are and make the Pokémon characters appear on your phone’s screen. As you move, you encounter more characters. Of course, this is all from second hand as I have chosen not to download and play.

No, I am not a hater on latest trends. Actually, I love the idea of an augmented reality game that gets users out and about on a hunt; it’s a very cool concept. However, there are some issues with the download.

pokemongogoogle1_jpg_CROP_original-originalThose who chose to download the game via Google on an iPhone gave the creators at Niantic full and total access to their Google accounts. This allowed the developers access to users’ Google photos, e-mail, browser history, map history and more. Yikes!

Niantic released a statement Monday stating they are currently working on a fix:
We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”
It appears that Niantic used an outdated version of Google’s shared sign-on service.  This approach uses credentials that already exist on your phone, so the user does not have to create another online account, saving time.
pokemon-fig1-773x1024
 However, this method should ask the user what permissions they want to grant the app, which Niantic did not do. Since they used an outdated and unsupported version of the sign-on, that permission granting step was completely left out, leaving Niantic full access to the users’ accounts.
It is hard to believe that the creators would do anything harmful withusers’ information that could ruin their reputation as stock for Nintendo is growing exponentially. However, users may want to beware for the time being.

Leave a comment

Posted in Cyber Security, Security

Tagged ,