Following the news that Pokémon Go app is putting users’ data at risk, Richard Stiennon, Chief Strategy Officer at Blancco Technology Group commented below.
Richard believes that the app, as well as the platforms it connects to (Facebook and Google), have a responsibility to adhere to strict data privacy guidelines such as the upcoming EU GDPR. The large amount of personal data to which the app has access has the potential to cause a great level of damage if breached.
Richard Stiennon, Chief Strategy Officer at Blancco Technology Group:
“To say the Pokémon Go app is a viral sensation is an understatement. Since its July 6th launch, everyone is playing the game, everyone is talking about it and everyone is trying to leverage it in their marketing. With usage stats that have surpassed some of the most popular social media and dating sites, including Tinder, Instagram and Twitter, there’s a much bigger data privacy problem that no one is talking about.
When users sign up for the Pokémon Go app via their Google or Facebook account, Niantic (the software developer behind Pokémon Go) reserves the right to gain access to all prior information that has been shared with the two platforms. The app then uses third party companies to analyse this data.
Having such a large collection of users’ personal mobile data makes it quite possible for the data to be accessed and even stolen down the road. But even more so, the app’s data sharing policy could end up causing serious problems for Facebook and Google, which could leave both platforms more likely to be in violation of data security regulations like the EU GDPR, which takes a very strict and hard-line stance on ensuring users’ right to be forgotten. Beyond violating the EU GDPR, it could also leave mobile users around the world in a precarious predicament due to the fact that their data might be kept for too long. And because the data may not be removed properly at the right time, it could very easily be lost or stolen and then fall into the wrong hands. Given how obsessed everyone is with the Pokémon Go app, I’d say it’s a matter of when, not if, the data privacy of the app’s millions of users could be at risk. That’s not something the makers of the app – or Facebook and Google – should wait around to happen.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.