As part of Niantic's near-constant war against cheaters, Pokémon GO has several steps in place to ban anyone who appears to have used third-party software or mods to manipulate the game. One such measure blocks all Android phones that have been rooted (when users grant themselves 'root' access to the operating system's top-level files), as this opens up the user's device to a degree which would enable all sorts of illegal in-game activity.
This process has been slightly controversial among Android players for some time, as rooting can also be used in much more innocent ways - it allows users to delete those pesky, usually undeletable, system apps that never get used, for example - and doesn't necessarily mean that the user has any intention of cheating within the game. Things have just been taken up a notch, however, as one user has noticed that the app appears to be taking things a little too far.
A member of the XDA Developers forum revealed that his unrooted Galaxy Note 4 (which has been rooted in the past but since been entirely reset to standard settings), received an unauthorised device error inside Pokémon GO after updating the app to the latest version. With the device being set to standard factory settings, this caused a great deal of confusion, until the user eventually decided to scrub the phone's external and internal SD cards.
"What finally got it to work shocked me beyond belief. I went through the internal & external SD card, and deleted everything related to rooting (flashable-looking zips, APKs of root-related apps, logfiles, Titanium Backup, any folder with "root", "magisk" or "xposed" in its name, etc - many of them stuff I copied over from my previous phone, never installed on this one). And magically, Pokemon Go started working!
Bottom line: Pokemon Go is abusing its storage read permissions to scan the storage for evidence of rooting."
Essentially, this means that Niantic will search through your files and folders across your device and SD cards, reading their names to find any evidence of potential rooting. Other users have since tested the theory - creating a brand new blank folder entitled “MagiskManager” (a tool used for Android rooting) - and instantly received bans. This not only means that completely innocent players could receive bans without ever having any intention of cheating, but also naturally raises some privacy concerns.
Hopefully Niantic will clear things up with an explanation in the near future.
[source bgr.com]
Comments 39
Well, Cheetah... i mean Cheaters, Sayonara !
I'm going to create a file called ''sexy pics, don't look mr. Kimishima'', with a link to Rick Astley's famous song. That'll teach them!
@Anti-Matter Did you even read the article?
@Octane Privacy issues don't worry him whatsoever. As long as nobody is cheating in a children's game, he's happy.
There's this line for being worried about cheating and they've crossed it.
@Anti-Matter Did you even read the article? [2]
I had to stop playing GO for about a year and a half because I had rooted my phone so that I could delete system apps and move apps to an SD card (my phone had like 8GB of storage and Android takes up half of that). I've since gotten a new phone with more storage so I've been able to play the game again more recently. Considering all the hacking that was going on at the time I could understand why they started to ban rooted phones, but going this far is not okay.
Hopefully Niantic will clear things up with an explanation in the near future.
Do they every do this? They've been ignoring user complaints since the game's launch because their massive success affords them the ability to do so.
@Anti-Matter Did you even read the article? [3]
Teach me for I am ignorant:
If the app says it accesses system files and you agree doesn't that mean it can access whatever the heck it wants (according to Google's rules I assume)?
Also why is it a big deal? It's not like some guy is sifting through the files, just an automated security step no?
As I say, I have no idea and these are just my guesses.
To be honest I don't care, the worst that will happen is that Niantic discovers how boring and uneventful my life is
That... Can be potentially bad. Very, very bad.
They can "hack" our phones if they want to, and extract everything, like our passwords or even our bank account coordinates if you bought something with it.
Of course, they probably won't do this, but... What if an hacker got control of the game with a script at one point?
... Yeah. It'd be an easy way to get all sort of very dangerous data from all players.
@DABYX and @Kimyonaakuma , that's the worst that could happen.
Pokemon Go: The real intention isn't F2P, but in fact to spy on Android users. I am surprised nobody figured this out sooner or later. By allowing uprooted access, it even hopes to compete with social media and our time, by hiding Pokemon to catch.
That might explain the random PGO crashes and subsequent alerts when the game was never running. Odd.
@Mopati That makes sense, didn't even occur to me a rogue employee or hacker could interfere.
I imagine like, most apps (from major companies at least, not indie games) are doing this as well though? Just that mobile gamers/hackers are more vigilant to discover it with GO.
All Android apps spy on their users. The Facebook app records things in the background and pings your location as much as it can.
@Anti-Matter Instead of saying what everyone else did, a tl;dr: Pokemon Go reads data on phone that it shouldn't have access to. It means someone could use it as a backdoor to steal your data (like bank info) or hack your phone. No rooting required.
Looks like Niantic are the cheaters here.
I sense that this high number of users Pokemon Go boasted just a little while ago will shrink rapidly once this info goes big...
If the software got approved to do whatever it does then the problem is not with the developer. Correct me if I’m wrong, but what I know is apps get submitted for testing before they get published on the Google Play Store.
It's abusing it's read permissions? The read permissions that you gave it when you installed it?
I don't see abuse. I see an easily fooled protection mechanism that's not really fit for purpose but that's not abuse it's just poor coding.
You have to do what you have to do.
Lol, people think they have privacy on a device connected to the internet. I got news for you people, if a device is connected to the internet, and if someone wants to get your info, they can. It's only a matter of how much effort it will take them to do it. You can make it harder for them, but the fact is, they can get it.
Anyway, you gave the app permission when you agreed to their license agreement when you installed it. I know none of us read it, but since when has that ever stopped anything? If you aren't happy with it, uninstall the app.
@DABYX People root their phones for different reasons. A good example is to remove bloatware preinstalled by a oem/carrier. Other reasons is to add features or have a finer tooned control on your hardware. For me it was trying to get smb mounting on my phone when I was on my home wifi. It is a really heavy handed(lazy) approach to say "You root so it means you cheat".
@Heavyarms55
"Other users have since tested the theory - creating a brand new blank folder entitled “MagiskManager” (a tool used for Android rooting) - and instantly received bans."
So you are ok with getting banned for doing that? No root, no cheating, just see a folder name and banned.
Of course people are defending this.
And trying to shift the blame to Google in this case is hilarious. Plenty of apps have storage permission but don't do this.
But it's OK because everything does it. That's the best defense people got these days.
@saintayu Whataboutism, it's a logical fallacy
I believe there's a little more to this. I checked the app on my phone and I have the permission to browse my files turned off. If it ignores this, then I guess they're definitely in the wrong. I'm not even sure why it needs to access your storage to begin with... At least, the access to anything that's not related to the game.
@Arehexes Yea didn't wanna get into the whole hack/cheat blah thing lol, I've been hassled before and also educated on the matter.
I guess you're right in that the software is assuming you may cheat so that's bad but I'm still not sure the 'searching,scanning?' part is bad? Especially if as a user you have agreed for access?
@Octane Yea that is pretty effed up.
Someone needs to see what terms are stated when downloading new and see if there's anything there that basically violates any privacy terms or Google's terms etc.
Seriously?!! #Uninstall
@DABYX Terms of Service and Privacy Policy.
I think this is the part we're talking about:
"In addition, we have and rely on a legitimate interest in using your Personal Data as follows:
[...]
* To carry out anti-fraud and anti-cheating measures and to ensure that you and other users are complying with our Terms of Service."
It's vague at best, since they don't mention how this is collected. They also mention that you can object to them using your data, but that may or may not result in you not being able to play the game anymore.
You can request access to the personal data they're keeping. I'm actually willing to do this just to find out what they're keeping track of.
@Octane That's probably the most vague smallprint I've ever seen!
If you have the time, that'd be really great for everyone to know I think. (I don't have the game personally)
Thanks for the research
@ReshiramZekrom
Same here! Every device I have ever rooted was purely for storage reasons. Most mid to low range Android devices tend to come with very crappy App to SD solutions if any at all. Not everybody that roots wanys to cheat.
None of this would be necessary if Android wasn’t an unstable mess under the hood.
Never forget that Pokemon Go is made by Niantic which started as part of Google and was established with investment money from Google.
If you actually trust Google, you should just post your name, address, birth date, and financial and medical histories on Facebook. Might as well speed up the process. And if you actually trust a company that spun off from Google with Google's money to help isn't a good, good buddy of Google's interests, I have a bridge I'd like to offer anyone with an eye for real estate....
Just use MagiskHide and it'll work just fine. It's things like Xposed that causes the real problems.
Nintendo really needs to end their relationship with Niantic. Between this and Let’s Go, Pokémon is starting to become a joke.
Seems like according to the ToS, you kinda allow them to. Even if it's vague, it doesn't sound entirely misleading. I mean, i dont expect them to tell everyone how they look for cheating. If you hit agree with verbage like that, then too bad? You can always object to it and just not play the game. You don't always get to do what you want AND get all the things you want.
I smell a big court case here with potentially a lot of money involved
4753 9583 0046
I send gifts DAILY i play constantly. Call me a nerd I don’t care I love Pokémon go. Friend me and you will get a gift from me everyday!
4753 9583 0046
So they steal your privacy? Another reason to avoid mobile-gaming. Though I wonder how "clean" our gaming devices are. Mark Suckerberg would be proud!
Tap here to load 39 comments
Leave A Comment
Hold on there, you need to login to post a comment...