Pokémon Go may have been unleashed on the world only a week ago but already legal issues are popping up as frequent as Rattatas.  The augmented reality sensation is raising multiple potential legal problems including possible trespass, privacy worries and, discovered a few days after the games release, major data security concerns.

It was discovered that some iOS users that signed in with a Google account granted the app full permission to their accounts.  Such access theoretically allows Pokémon Go to read all your emails, look at your search history, access photos, Google Drive docs and more. Niantic, the creators, released a statement saying that such permission was erroneously requested and that the app has only accessed users’ basic Google profile information, specifically their User ID and email address.  The company took positive action and fixed the problem, no longer requesting full access from new sign ups and reducing the permissions for current users with its first patch.

However, the app’s privacy policy allows Niantic to collect, among other things, your IP address, email address, your location and the web page you were using before logging into the game.  This may be shared with other parties including “third-party service providers” and “third parties” to conduct “research and analysis, demographic profiling, and other similar purposes”. None of these provisions are particularly unique, but with its location-based focus and surging popularity attracting would-be hackers, consumers should be conscious.

The main lesson from this is not new, everyone should be aware of, and preferably read first, any terms related to data and privacy before agreeing.  Ultimately though large data access by apps is so commonplace it is easy to be complacent.  But stay mindful and remember, absolutely nothing is ever secure on the internet.