Pokémon Go – who’s responsible for protecting your data from fraud?


September 23, 2016 Facebook Twitter LinkedIn Google+ Uncategorized


Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Jorge Borges, Head of Marketing Communications at WeDo Technologies looks at the data security implications of the smash hit app.

The success of Pokémon Go has been unprecedented and inescapable, with Forbes reporting that within four days of the game’s launch it was on course to exceed Twitter’s daily active Android users.

However, the game’s popularity has risked masking serious security concerns. Once downloaded, the Pokémon Go app asks users for a whole host of user permissions to access their contacts, camera, SD card content and, most importantly, GPS location.

And although other popular app games ask for some personal details, Pokémon Go requires a constant Wi-Fi or GPS connection to play, meaning that it knows exactly who you are, who your friends are, and where you are – even if you don’t have Google Maps running, or if permissions to access GPS data or the device camera have been turned off.

Through enabling players to bridge the gap between the real world and the virtual world by encouraging them to go out in public and visit landmarks to collect cartoon monsters, this latest craze from Niantic is collecting data about you worth potentially millions. So much so, it should perhaps be renamed Pokémon “GOld Mine!”

For the game’s makers, this data is hugely valuable as it enables them to pass on personally-identifiable information (PII) so that third parties can promote and sell to you.

This type of data tracking and collection has also been used by companies including Google, for Google Maps, however many consumers are not aware that these kinds of ‘free’ services also have the hidden agenda of being able to track whereabouts via your mobile device and suggest things that you might be interested in that are close to you.

The wealth of personal data collected by companies through apps such as Pokémon Go also means that they have become a ripe target for hackers, criminals, and fraudsters. This is especially true for Niantic, whose privacy policy has been hit with controversy. Niantic’s policy states that data “may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction,” opening it up a number of potential security and privacy risks.

All this data creates immense temptation for hackers who could potentially sell users’ data to foreign governments, or the black market. Credit card fraud is another risk to users, with in-app transactions potentially leading to identity theft and fake insurance claims. Hackers are also cashing in on users searching for discounted game currency, such as Pokémon Go’s “Pokécoins,” by creating fake links to online “hacks” that take users to survey scams if they search for items such as “Pokémon Go free coins generator.”

These types of scam sites earn money by requesting the Pokémon Go player’s username and inviting them to complete fake surveys that will ask for their personal details and email address, opening up more potential fraud risks. There are also fake Pokémon Go apps available online that include hidden Trojan horses designed to gather your personal data and provide the hacker with access to your device when downloaded.

While Pokémon Go is useful for inspiring users to get outside, most worryingly, by encouraging players to collect items by visiting PokeStops that correspond to real-world locations, it is also providing criminals with the ability to predict players’ locations, leaving users open to attack or robbery.

The potential for security risks such as revenue leakage and theft are not only at game level but also at a network and personal user level. If developers are unsure of how to protect users of their apps, it may now need to be up to the network operators to offer the expertise and technology needed to bridge the security gap and protect the bottom line.

JBorges_2015_wedoSince joining in WeDo 2016, Borges has been responsible for leading the team in developing and implementing marketing, communication and demand generation strategy within Revenue Assurance and Fraud Management. Borges has more than 20 years’ experience in the ICT industry, having previously held the roles of European Head of Marketing of B2B Business Unit for Toshiba and SMB Marketing Manager, Portugal at Hewlett-Packard. Borges studied at Harvard Business School, Universidade Católica Portuguesa and ISCTE-Instituto Universitário de Lisboa. He also completed an Advanced Management Program at the University of Navarra.

Comments