Pokemon GO Is Shamelessly Scanning Your Personal Data


Niantic has been trying very hard to stop the game run on rooted devices. In the attempt, they have succeeded numerous times but soon after they succeed to make the game stop a new Magisk version role out which again enables the players to play the game on the rooted device. However, recently a Reddit user by the name of fw85 claimed that Pokemon GO is abusing its permissions to read internal storage on your device. His claim is based on the findings of .NetRolller 3D, by the findings of NetRoller 3D it seems like Niantic is now going through all your personal data on your phone. It includes both internal and external storage. This is an alarming situation, nobody would want any third party app to go through the personal files and folders.

Reddit user, fw85 explains “It’s not just looking for folders, it’s looking for files too and I don’t think a mobile game has any business doing that, especially if their ToS only outlines gathering “information about third-party applications installed on your device.”

.NetRoller 3D Findings:

I’ve updated to v0.115.2 on my _stock, unrooted_ Note 4 (it was rooted before, and has its Knox fuse blown,. but has been completely unrooted and reflashed to stock since then; system status is “Official”). It immediately gave me the unauthorized device error. I double-checked to make sure nothing was left behind from the former root – I even went as far as installing TWRP to check the data & cache partitions for any root residue, finding nothing, and then again reflashing a full stock ROM using Odin. I checked again for root-related apps, as well as anything Niantic may consider a cheating app (like Calcy IV), and get rid of everything that could even be remotely suspicious. No dice, still unauthorized device.

What finally got it to work shocked me beyond belief. I went through the internal & external SD card, and deleted everything related to rooting (flashable-looking zips, APKs of root-related apps, logfiles, Titanium Backup, any folder with “root”, “magisk” or “xposed” in its name, etc – many of them stuff I copied over from my previous phone, never installed on this one). And magically, Pokemon Go started working!

Bottom line: Pokemon Go is abusing its storage read permissions to scan the storage for evidence of rooting. Magisk will need to redirect Pokemon Go’s storage accesses to controlled “sandbox” directories, and prevent it from reading the real internal or external storage. (Simply blocking storage access won’t work, as the game actually writes to internal storage.)

This is really worrying for the lovers of Pokemon GO. I think the company shouldn’t be allowed to go through the personal data of any users. It’s a simple breach of privacy.