NEW YORK (WABC) --Pokemon Go is now the biggest mobile game in US history after more than 21 million users have signed up in just a few days. But did you know once you download the app, you can also put much of your private information at risk?
There are plenty of apps already on most phones that can see our personal info, and users aren't just handing out a key, they're throwing the door wide open.
Forget the physical dangers of following a Pokemon anywhere, there's also security risks in the game that may not cross the minds of crazed devotees. Founder of ID Theft 911 Adam Levin walked us through the layers of access "Pokemon Go" asks for, and the first is allowing the the app locate you.
You give up privacy right off the bat, which a hacker or fellow player with bad intentions could exploit.
"If they know where you are, they know where you're not," Levin said. "You could open yourself to being stalked, to being robbed, to being burglarized at your home because you're not there."
Next, the app wants your date of birth. Levin's suggestion is to lie. A real birthday is the first key to ID theft, and since Pokemon Go also wants permission to your Google User ID and password, an ID thief can complete the puzzle.
"That's like allowing someone to come into your house, wander around and take a souvenir," Levin said. "And you don't want to be that souvenir."
Pokemon Go's original disclaimer wanted a lot from users.
"Documents in your Google drive, photographs, videos," Levin said.
But the developer, Niantic Inc., has since backed off, saying it didn't use anything other than basic profile information.
Pokemon Go player Anthony Di Staulo admits in his quest to collect 51 characters that he would respond to texts or emails asking for personal information a scam known as phishing.
Fake apps and clone sites are already taking advantage of Pokemon's popularity, and Levin warns players should only download from authorized apps stores.
"That malware can do anything than recruit their device to be part of a botnet or provide login information to hackster and scammers," Levin said.
He advises always control access in your own settings by turning off which apps you allow to see what.
Niantic said that Pokemon Go only uses basic information like the user's name and Gmail address, and the company said the original information requests, OK'd by millions, were a mistake. And just last Tuesday, it sent out an update that you can download that restricts access to just your Google profile. You just have to log out of the app and download the update.