Skip to Main Content

Professor Warns of Cyber Risk Playing Pokémon GO

Video Game Creators Can Potentially Gain Access to Your Account

Students playing Pokemon_1 Photo by Alfonso Velasquez
The Pokémon GO craze has invaded the UMass Lowell campus. Rin Kawaguchi, left, a peace and conflict studies student, and Thu Ta Soe, a mechanical engineering major, say the game makes them “get up and explore the university and the City of Lowell.”

07/28/2016
By Edwin L. Aguirre

Computer science Assoc. Prof. Benyuan Liu has a word of caution for people using iPhones to play Pokémon GO, the wildly popular mobile video game that is sweeping the country, including the UMass Lowell campus: Beware of possible security breach.

“There is a security risk when a player logs in to the game using his or her Google account information,” says Liu. “That person might be giving Niantic, the game’s developer, unnecessary full access to the account.”

According to Liu, based on Google’s support document, apps with full account access “can see and modify nearly all information in your Google Account (but it can't change your password, delete your account, or pay with Google Wallet on your behalf).”

He says the language is rather general, and the details are up to the interpretation and implementation by Google. He also noted that some of the reported cyber risks involving the game are not exactly true. But as a general rule, Liu is reminding people to give full account access only to applications they fully trust.

“If your account information happens to fall into the wrong hands, a hacker can potentially read, send and delete emails from your Gmail account, have full access to your files in Google Drive and pictures in Google Photos,” notes Liu. “It is a very scary thought.”

The issue, which was first reported in early July, affects only iPhone users who used their iOS device and Google account to sign up for Pokémon GO. Android phone users seem to be unaffected.
Student playing Pokemon_2 Photo by Alfonso Velasquez
Computer science major Luke Beaulieu says Pokémon GO is a “good conversation starter with students you don’t know.”


“The good news is that Niantic has announced that it is working to fix the account-permission problem for iOS,” says Liu. In a statement, the company said “Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.”

The Future of Mobile Gaming

Liu says while Pokémon GO uses some augmented reality and features on a smartphone such as GPS and camera, the game does not represent a big advance from a pure technology point-of-view.

“What makes it such a phenomenal success is the combination of mobile technology and design of the game that augments the virtual domain with the real world, such as collecting Pokémons in real physical environments, points, levels, teams/battles, social interactions and others,” he explains.
Student playing Pokemon_3 Photo by Alfonso Velasquez
The game is a “great community builder,” according to George Le, a computer science student and avid player.


So what is the future for such mobile games?

“It is always hard to predict what kind of game will become a hit in the future,” Liu notes. “A recent trend is to take advantage of various technological advances, such as virtual-reality headsets, social networks and sensors embedded in smartphones and environments as well as worn on the bodies, to create natural and intuitive user-machine-environment interactions. Most importantly, it is the design of the game itself, such as story, presentation, ways to engage players, etc., that attracts players.”

Elizabeth Altman, an assistant professor of strategic management in the Manning School of Business, says that although Pokémon GO is a novel application of augmented reality, it’s still at its heart a fairly traditional video game where the player consumes content created by the game’s developer. She sees this as an opening for the competition.

“Based on research with other platform-type businesses, my best guess is that we will see many more augmented-reality games, and the ones that will survive and thrive will be those that include not only consuming, but also creating and sharing,” says Altman, who witnessed the global phenomenon of Pokémon GO firsthand on recent trip to Iceland, where tourists were searching for Pokémons at the Blue Lagoon.

Altman points out that Niantic had previously developed an augmented-reality game called Ingress, which used crowdsourcing and allowed players to add their own photographs of places to the mapping database.

“It will be interesting to see if Niantic enables users to start inputting data into Pokémon GO since clearly that approach is part of their heritage,” Altman says. “Or, to what extent users will take it upon themselves to try to create their own accessories to Pokémon GO, which we already see happening with an attempt at a crowdsourced master Pokémon GO map underway.”