
Stop! Think privacy before you Pokémon GO any further

by Sascha Schneider CIPP/E

Pokémon GO has reportedly been downloaded by more than 100 million people worldwide.

When originally launched, the App had full access (as in complete; unrestricted; no-holds-barred access) to your Google account and all and everything associated with it.

This meant that Pokémon, and his friends and enemies, could:

  • Read all your email
  • Send emails as if they are you
  • Access all your Google Drive documents (editing and deleting at will)
  • Look at your search history and your Maps navigation history
  • Access all photos stored in Google Photos
  • And, the list goes on…

Taking Data from a Baby

For an App largely intended for use by children and teenagers (although you don’t have to go far to find adults chasing, fighting and capturing Pokémon in public places) this is hugely worrying, not least from a personal security perspective.

For those downloading Pokémon GO, and the many other Apps with similar amateur security shortcomings, to smartphones otherwise used to access highly confidential and critical data, the consequences of data misuse don’t bear thinking about.

If you are the user of a compromised phone or the manager of colleagues who have flouted all security common sense in the name of game play, the fun will soon be displaced by compliance and data privacy nightmares.

(Note: these settings have since been amended by the producer of Pokémon, waving an ‘implementation error’.)

Keep Your Virtual Keys Safe

In the context of the real world, this is 100 million front doors, not only unlocked, but with open invitations to any strangers to make a house call; wander in, and help themselves to all and anything in your home!

Not only can they steal from you, they can rifle through your personal items, move furniture, change the settings on your TV, modify the password on your Wi-Fi router, maybe even graffiti the walls, all while helping themselves to your prized childhood photo of you with Mickey Mouse – the one you wanted to be kept private!

With your express permission, they can then bundle this booty into the back of your car. Remember, you’ve given them access to these keys as well.

They then drive off, leaving you with your security breached, your property defaced, your bank account emptied, and you and Mickey Mouse posted across the internet for all to see and share further!

And what recourse do you have? You have none; your insurance policy is completely null and void. After all, you did hand over your security keys.

No fool on earth would physically offer strangers such wanton access to their most vital and valuable possessions, so why are so many technically savvy people, without thought, leaving their smartphones open to the world?

At this point you might want to stop reading, grab your phone and check your security settings!

Four Reminders Before You Agree to Any App Ts&Cs

Reminder 1 – Open Your Virtual Doors to No One – Not Even Pokémon!
In the virtual-world, it seems that common sense is too often traded in for the fast thrill of fantasy lands.

In the unlikely event that you did offer your house keys to a complete stranger (I wouldn’t even give my keys to some of my more catastrophic friends!), you would at least have had the foresight to set rules, and if these are breached, complain and call a halt to the activities.

However, if, in your excitement to get playing, you ticked the “Agree” box without reading the contract small print, you have effectively relinquished all security.

You have handed over all rights to all personal and business data on or accessible from your smartphone to any criminal wanting to use or sell it. You have also opened yourself up to an absolute compliance and security nightmare, one that is potentially career or business ending!

Reminder 2 – Poor Data Privacy is Socially Unacceptable
In 2010, Mark Zuckerberg, the crowned prince of social media, pronounced that data privacy is no longer “a social norm.”

According to MZ, people are not only sharing more information, they are more open about what they share and with whom. For some, think Twitter and Facebook, the more people, and the more compromising the content, the better!

Let’s pause a minute. If privacy is no longer the norm, should we accept mass security breaches and open access to our data as the norm?

No! This ‘social norm’ has evolved over time, but it is not a practice recommended to (nor should it be accepted by) people wanting or needing to protect their own personal and professional identities and data.

For something as simple as downloading a game to your smartphone, the serious repercussions are just not worth the risk.

Reminder 3 – If in Doubt Do Not Accept
Privacy Notices should be transparent and leave no room for doubt. If they are excessively long, or written in complex language, be mindful. A recent study revealed that the average person spends just seconds reading a standard notice that should take up to 10 minutes.

Without reading and understanding the document you have no way of knowing if your internet connected device is protected. If in any doubt, do not accept the terms. Whilst it is frustrating not to be able to download an app, with hindsight, you might be glad that you hadn’t!

Reminder 4 – Face up to Facebook
Now, we all know (we all do, don’t we?) that by using Facebook, LinkedIn, Twitter, Google, and whatever social media platform comes next, your data is totally exposed to the infamous stranger.

No matter how many times you copy and paste the stock paragraph on Facebook stating that you do not allow Facebook to use your pictures, read your posts, abuse your privacy, you signed up to their Privacy Policy.

Therefore, for as long as you are signed up to use their services, you have agreed to let Mark Zuckerberg et al continue to use your data.

To social media platforms, your data is money. To them, the internet is the perfect channel to distribute your data to make money. By accepting their Privacy Policy, you are inviting them to make money out of you.

Trust me, social media platforms are not your friends, and they don’t care if you ‘like’ or ‘poke’ them. They simply want to use you!

Is it Time to Retreat to the Caves?

Obviously not!

These days we are living in Clouds. Almost everything we do or use is connected to the Internet and so it is hard to avoid sharing your data.

We, therefore, need to be sure that we’re not making our data vulnerable by signing up to and downloading apps and services that are not clear with their Privacy Policies, or scrupulous with the management and storage of our data.

Your data is the new currency. Its exchange rate is good, and it is getting stronger. Look after it. Lock it up.

The Last Laugh

Recently, I came across the following privacy statement:
“We firmly believe that privacy is both inconsequential and unimportant to you. If it were, you probably would not have a Facebook, Twitter, or LinkedIn account: and you certainly wouldn’t ever use a search engine like Google. If you’re one of those tin-foil-hat wearing crazies that actually care about privacy: stop using our services and get a life. We agree with Mark Zuckerberg when he pithily opined ‘The age of Privacy is over.’”