Launched in USA on 6 July 2016, Pokémon Go is the new location-based augmented reality mobile game. Even though available in few countries, it is the new latest Internet sensation and according to TechCrunch, it is earning $1.6 million in daily revenue!

It surpassed Twitter and Tinder as the most-downloaded app on the day of release.

The game has given rise to few situations.

It’s a new money earning stream as experienced players are selling their high-level accounts. Advertisements on eBay, Craigslist and other marketplaces are easily found. Alan Cassinelli has an interesting article on the psychological entrapment of the game. There is the story of the Forest Grove man getting stabbed while playing Pokémon and a stampede in New York Central Park to capture a rare Pokémon creature, to name a few!

Such is the appeal of Pokémon Go that people are willing to download the cracked version of the game in countries where it is yet not available. While this itself raises multiple security concerns, many experts are of the opinion that playing the game with official download can raise various security problems.

Perhaps, this is the reason cyber security experts aren’t playing the game. Why? The Pokémon Go game requires complete access of the smartphone content, including device GPS locations and total camera access.

Here is the screenshot of permissions required to play the game on Android.

On Android

iPhone users are asked to give “full account access”. Adam Reeve, the principal security architect of Red Owl cyber security company explains the “full account access” term as enabling the app to “read all your email, send email as you, access all your Google Drive documents, delete documents, access any private photos you may store in Google Photos, and a whole lot more”.

Reeve says:

“Pokémon Go is a huge security risk. I really wish I could play, it looks like great fun, but there’s no way it’s worth the risk.”

While an app update on 11 July is supposed to have mitigated some of these risks, the app still requires email address, camera access and location data access to function.

With Niantic’s 20-page privacy policy stating they may share information with “may not have agreed to abide by the terms of this Privacy Policy” and CIA conspiracy theories doing rounds, it’s no wonder that the game player needs to protect its privacy.

Security Steps for Pokémon Go

Here is what I recommend:

#1 Create and Use a Dummy Google Account

Don’t attach the game with your main Google account. Create a new account for just playing this game.

If you’ve started to play Pokémon already, logout and launch the Home screen. Login to the game with the dummy Google account.

New Google

This way, Niantic and its third-party users become unable to access any data from your main Google account. Everything is secure.

Further, if you’ve mistakenly linked Google for Work account with the game, follow these steps by Rich Chetwynd.

#2 Use a VPN

First, learn what is VPN and know that using a VPN to play Pokémon is a better option than downloading Android .APK files from third-party websites, as they could be infected with malware. Installing the infected files will give hackers to completely hijack your smartphone and private information.

Even the Pokémon Go site got hacked!

Without a VPN, there is BYOD malware risks, a large security risk. Companies are becoming aware of the malware situation with players downloading malware-infested game files. Malware gives illegal access to the whole device and this worrisome for companies allowing BYOD as the hacker then also has access to business information.

Therefore, use a VPN. How will it help? With a VPN, you can access the App Store and American Google Play Store securely as it allows the user to “route internet traffic though a server in a location of his or her choosing, making it look as though they are somewhere they are not”. (Source)

#3 Don’t Trespass

In Portland, players were warned against playing Pokémon by trespassing into private property by the Police Bureau. People who work from home also reported against players making noise while playing.

This is not an isolated situation. People walking into unwanted places, neighbor houses and places of worship, in search of Pokémon is disrespectful. Avoid trespassing into other properties, lest someone calls the police against you.

Take few common sense measures such as going into well-lit places in search of the game creatures, let someone know where you’re, be where people congregate, watch where you’re going and keep an eye on your stuff.


Though Pokémon Go is an interesting and engaging game, its security risks are undeniable. Take preventive measures before going ahead. Also, if you want to stop playing the game altogether, delete the app and/or delete your Niantic account to do away with the game permanently.