All the privacy and malware worries with Pokemon Go


We've gone from "OMG Pokemon Go is the best!" to "Wait ... they want me to give them what personal data?!" pretty quickly.

Within two days of its release, the augmented reality game was on more than 5 percent of Android phones in the U.S. – easily surpassing Tinder, SimilarWeb says. And that doesn't include iPhone users.

So many people played Pokemon Go (despite it barely working for the first few days) that Nintendo's market value shot up $7.5 billion.

But then this week came, and with it, a whole lot of questions about what data and information the app wanted from you.

BuzzFeed has a big breakdown but basically, if you were trying to play on an iPhone and opted to use Google to sign-in, the Pokemon Go app wanted to be able to look at things like your email and Google Drive documents, in addition to all the other permissions you grant it (like GPS location, contacts, etc. etc.). The app on Android devices wasn't nearly as intrusive. You can also read the privacy policy here,

That news got people in upset, considering the app didn't ask for permission to access all of that.

Developers responds, issues fix

The developer behind Pokemon Go, Niantic Labs responded Monday, saying it was a mistake that it would roll back soon, as ArsTechnica reported.

On Tuesday, an update hit the App Store version for iOS, noting it fixes the "Google Account scope."

Now what they're asking for is "basic Google account information, in line with the data we actually access," the developer said in a statement, according to ArsTechnica. That means your user ID and email address.

But Franken is still concerned

Sen. Al Franken, who represents Minnesota and has sort of cornered the tech and privacy space, said Tuesday he's concerned about how much data the app wants.

Even with the fixed Google account issues, things like your email address, IP address, and last website you looked at are part of what the app can look at based on the privacy policy.

Franken in an emailed statement says that he's worried "about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users’ personal information without their appropriate consent."

He sent a letter to Niantic Labs CEO John Hanke (which you can read here) asking the company to "provide greater clarity" on how it's addressing privacy issues, especially for younger players.

Also, don't install it illegally or you might get a virus

And one more warning: there's a malware risk for people who download the app outside of the App Store or Google Play store, and load it onto their phones that way.

Proofpoint found an infected Android version of the game, with Droidjack malware tied to it – which would "virtually give an attacker full control over a victim’s phone," the website says.

It hasn't actually been loaded on to the official stores, so if you got the app that way you're fine. And it hasn't been detected on any phones, Fortune explained.

But for people outside the U.S., where Pokemon Go isn't available yet, they might be tempted to download an unofficial version and "side-load" it – so don't do that, because you have no idea if it's safe, Proofpoint says.

Next Up