Aaron Ardiri
[Valid RSS] RSS/XML feed
198 entries available (show all)


Internet of Things (IoT)

RIoT Secure AB

>> Pokémon GO - TO SPOOF OR NOT TO SPOOF (part 3)

It was just a matter of time before I checked out the fine print to see what the TOS actually say.

If you have been following this blog - you know I am a big fan of the Augmented Reality game we all know as Pokémon GO. With millions of players worldwide, it didn't take long for hackers and developers alike to jump on board with the popularity of the game and provide third party services, to which Niantic have responded with various cease and desist letters. I have been covering GPS spoofing to enhance the game experience - but where do users stand legally?

As with everything legal; interpretation is key - if anything is ambiguous, then loopholes appear.

Niantic has posted a very comprehensive Terms of Service for Pokémon GO which users must agree to before playing the game. As with most end-user license agreements (EULA) - it is surprising how many people just scroll down and click on 'accept' just to get started. In most cases; most users have no idea what this means for their privacy - until it affects them.

Under the Conduct, General Prohibitions, and Niantic's Enforcement Rights section there is a nice shopping list of what players can and cannot do - they've made it clear about interaction between users, stealing intellectual property, tampering, hacking, or violating any applicable laws. At first glance; you would say they've done a great job of covering their backsides.

The clause that is potentially relevant in regards to GPS spoofing is here:

    attempt to access or search the Services or Content, or download 
    Content from the Services through the use of any technology or means 
    other than those provided by Niantic or other generally available 
    third-party web browsers (including, without limitation, automation 
    software, bots, spiders, crawlers, data-mining tools, or hacks, tools, 
    agents, engines, or devices of any kind);

It is clear that Niantic has a 'use our game as we intend' policy - so the use of third party applications that simulate the game, such as bots that catch Pokémon for you or using tools that help you access their content (such as the location of Pokémon) are absolutely prohibited.

Well - that should be clear right? Unfortunately - it isn't.

As a developer; the concept of "Mock Location Data" is essential for anyone who writes applications with location aware attributes; in fact; you can read all about it on the Android Developer Guide website specific for the topic. Right off the bat; every Android device has this capability built in, allowing users (developers) to simulate a GPS co-ordinates on their device.

In fact; Google even provides the ability for application developers to check if location mocking is actually in place - there are solutions posted online here and even a third party library exists to detect the use of mock locations (MockLocationDetector). It should be quite simple for Niantic to perform the relevant checks to see if users are GPS spoofing - if this is in fact a violation.

The TOS (legally binding document) do not specifically say anything about mock locations - but Niantic add confusion to the topic in their Pokémon GO Trainer Guidelines and specifically state:

    No cheating.
    Don’t do it. Play fair. Pokémon GO is meant to be played on a mobile 
    device and get you outside to explore your world! Methods of cheating, 
    unfortunately, are limited only by cheaters’ imaginations, but include 
    at a minimum the following: using modified or unofficial software; 
    playing with multiple accounts (one account per player, please); 
    sharing accounts; using tools or techniques to alter or falsify your 
    location; or selling/trading accounts.

If someone is using a mock location application - it doesn't mean they are violating the terms of service, the "guidelines" are not legally binding. If you are using such techniques; you still need to encounter a Pokémon, catch it (not always easy), train it and fight as per usual in gym battles. In fact; you can do it all from the official Pokémon GO client - you are not using any third party tools other than what is provided by the operating system of the mobile device.

I can fully understand Niantic's position on third party applications that attempt to replace the official client and give users the ability to catch Pokémon, walk to hatch eggs and snipe gym slots automatically - by all means they should be banned from the game. But surely they must understand that their game mechanics do not favour all trainers in the world.

I had the luxury of being able to travel, visit a number of different continents and catch those elusive, regional Pokémon and make my way to a prestigious level thirty - but my home base was riddled with Rattata's, Pidgeys and it was always the same. I never encountered a rare Pokémon in my rural town - I had to go to the city to do that. If they want to promote going outdoors, put rare Pokémon on hiking trails, tourist locations - not in the city where there is already an issue with density of people; encouraging people to go in to catch Pokémon is going to cause more issues.

I've enjoyed the game - you'll be losing a lot of good players; focus on those who automate, not those who actively play the game - yet may venture out of their restricted location to explore the world virtually. At least they wont get mugged or attacked from the safety of their own home.


advertisement (self plug):
need assistance in an IoT project? contact us for a free consultation.


Pokémon GO - to spoof or not to spoof (part 4)
Pokémon GO - to spoof or not to spoof (part 2)

All content provided on this blog is for informational purposes only.
All comments are generated by users and moderated for inappropriateness periodically.
The owner will not be liable for any losses, injuries, or damages from the display or use of this information.