Pokémon Go and Other Apps Abuse Android Permissions to Spy on Your Installed Apps

Niantic, the creator of Pokémon Go, has long been imposing strict bans on users for using unfair means to excel at the popular games. The developer recently laid out its “Three-Strike Discipline Policy” which says that the use of malicious acts three times including the use of modified files or versions of Pokémon Go could lead users into being banned permanently.

However, one aspect that still remains within the gray area is Niantic’s method of identifying cheaters. Now, under the camouflage of the developer’s drive to weed out players using unfair means, Pokémon Go has been frisking the internal storage of a user’s smartphone beyond its intended permissions. As per many Android users, Pokémon Go has been suspended on their phones purely on the suspicion that their phones might be rooted.

This is because rooting might allow rogue tools escape the app’s scanner without being caught. However, Niantic does not use an intricate method to determine if your Android device is actually rooted but simply scans for files and folders which might be associated with rooting.

But, the worrying and most surprising part about all this is that the internal storage is scanned even when users have not granted storage access to the game. This is outrightly nasty and creepy on Niantic’s part. But not only that, the ease of bypassing Android’s security features shows that not just Pokémon Go but many could exploit permissions similarly.

As per many users, the app even restricts access if it finds installed programmes which are commonly associated with rooted phones – like Magisk Manager and SuperSU. Not just that, you are blocked out of Pokémon Go even if the app finds an empty folder related to those and similar apps.

But besides the sneaky nature of this practice, Niantic’s stand is fundamentally an attack on a users’ freedom to modify their devices to improve performance or appearance, or prevent ad-related tracking.

Rooting, although considered grounds for a void warranty, is not restricted by Google or illegal in any way, and it is one of the ways users can get full control over their own devices. Some banking apps, including Barclays Mobile Banking app, also block access in cases of rooted devices to ensure that root access.

But more important than the breach of a user’s right over their device, this is an example of how easy it is for apps and developers to snoop through private data – even without root access. Niantic also discloses that it might share your personal data as well as live location with third parties, which makes it more vulnerable.

There isn’t much that we can do in case of Pokémon Go but we would certainly hope that Google straightens up the way it allows accesses to developers so that our private data is not at risk due to malicious practices by developers in spite of Google’s assurance.