Pokemon Go: When Cybersecurity “Breaches” Real Life

Many of you may have recently seen what appear to be zombies roaming the planet in search of their next victim. 

Last updated: September 15, 2025

An avatar of the author
BlueCat
Hand holding smartphone playing Pokémon Go AR game on forest path, illustrating mobile gaming cybersecurity risks
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

The article discusses cybersecurity risks tied to the mobile game Pokémon Go, explaining how its location-based gameplay and initial permissions model created opportunities for data exposure and malware distribution. It describes the technical environment where apps request broad access to Google account and device data, and highlights operational impacts such as unintended sharing of physical address, contacts, and susceptibility to malicious apps or paid-service scams. The piece concludes with practical security outcomes: users should carefully manage app permissions, verify app authorship and reputation before downloads, and be mindful of real-world safety implications when sharing location with online contacts.

What was the main privacy risk when Pokémon Go first launched?

When Pokémon Go first launched the game requested full access to users’ Google account information by default, which allowed the app—or anyone who compromised it—potential access to sensitive personal details such as physical addresses, email, phone contacts and other account data. This overly broad permission model increased the risk of inadvertent data exposure for millions of players. Although developers later fixed the default permission behavior, the initial period likely resulted in many users having already shared excessive account privileges.

How did malware take advantage of Pokémon Go’s popularity?

Malware authors created malicious applications that masqueraded as necessary Pokémon Go-related downloads or utilities, tricking users into installing software that performed harmful actions. These malicious apps could subscribe users to unwanted paid services, redirect clicks to paid advertising, or exfiltrate private information from the device. While security teams and marketplaces worked to remove discovered malware quickly, the high popularity of the game created ongoing opportunities for additional malicious apps to appear and exploit inattentive users.

What practical steps does the article recommend to avoid getting breached while playing location-based games?

The article recommends three common-sense strategies: first, do not automatically grant applications access to sensitive services—only allow location, contacts or account access when you understand why the app needs them. Second, verify the app author before downloading by checking the developer name, number of downloads and user reviews; newly published apps with few downloads and many negative reviews are suspicious. Third, be aware of real-world safety risks from sharing location with online contacts—treat online acquaintances cautiously because revealing whereabouts can lead to stalking, burglary or worse. These measures reduce exposure and improve personal security.

Are you up to date with the latest mobile gaming sensation – Pokemon Go? Are you aware of the possible cybersecurity threats lurking beneath the game? 

Pokemon Go is a hit for many reasons, one of which is that it actually uses your location and surroundings as part of the game. While wandering through your neighbourhood, players can see both the houses on their street and the various Pokemon characters who magically appear- waiting to be caught. The game is addicting and engrossing, but unfortunately, it has brought with it some security issues.

First off, when the game launched, it asked for full access to your Google account information by default, allowing the game (or someone who may have compromised the game) access to a multitude of personal details such as your physical address, email, phone contacts, etc.  That has since been fixed by the developers, but it’s likely that millions of people have already inadvertently exposed their information. 

Soon after the game’s launch, a whole host of malware was created to trick users into downloading necessary applications that contain security issues, such as subscribing to unwanted services, clicking on paid advertising, and accessing additional private information.  These pieces of malware are being taken down as quickly as they can be discovered, but the potential clearly exists for more of this behavior to take place.

So what can a Pokemon master do to avoid getting breached? Here are some basic, common-sense security strategies: 

1. Never automatically accept requests to access services from applications you install.  Location awareness, access to contact information, etc. can all potentially be used against you in some way.  By default, you should never allow applications to access this information unless you understand why they want that access.

2. Always verify the author of an application before you download it.  This can be a bit difficult, but matching a company name to the application is typically a good starting point.  Then look at how many downloads it has, and the reviews or ratings of that application.  There is a high likelihood that something that has only been downloaded a few times and has a lot of negative reviews is not something you want on your device.

3. Always be cognizant of online safety with respect to the impact it can have on the real world.  If you have online “friends” that get access to your location information, it can cause all kinds of issues from stalking to burglary to something worse.  Realize that no one online is necessarily who they claim to be, and when the line between the real world and the online world gets blurred you need to take precautions.

Now go out and catch them all! 

 

Published on: July 25, 2016

An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

BlueCat and Cisco graphic stating “Get DDI data from BlueCat in Cisco Cloud Control” for AI-driven network operations
Blog

BlueCat DDI data boosts Cisco Cloud Control AI-driven operations

BlueCat’s integration with Cisco Cloud Control provides AI agents with access to trusted DDI data for network investigation and remediation.

Read more
Flock of geese flying in formation across a blue sky, framed by a pink graphic border, symbolizing coordinated network migrat
Blog

Automate your DDI modernization path by migrating with Micetro

Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.

Read more
Close-up of interlocked metal chain links symbolizing connected network objects and relationships in IPAM
Blog

How to map your network with user-defined links in Integrity X

Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.

Read more
Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more