Quantcast
'Pokémon Go' Players Are Spoofing GPS Locations to Catch' Em All

Pokémon Go has only been available in the United States for a day, but already intrepid players are finding ways to cheat the game.

Pokémon Go has only been available in the United States for a day, but already intrepid players are finding ways to cheat the game. By tricking a phone's built-in GPS into providing a false set of coordinates, unethical Pokétrainers who would definitely be members of Team Rocket are tricking Pokémon Go into letting them visit anywhere without leaving the house. They are also—and this is important—definitely risking a perma-ban from PokéDeveloper Niantic if they get caught.

As Motherboard contributor Heidi Kemps discovered after a week with the game, the heart of Pokémon Go is getting off of the couch and out of the house. If they can get on Pokemon Go's servers, which at the time of writing can barely handle the load, players explore their neighborhoods and capture Pokémon in museums, universities, and shoes.

A few redditors on the Pokémon Go subreddit are trading tips on GPS spoofing, which involves running a rootkit to take control of an Android device's operating system, installing various unapproved bits of software, and letting these new programs report a GPS location of your choosing. In fact, this method can even do your walking for you. As one user wrote, "Make sure you change locations at a human speed... there is a setting at the bottom that automatically moves location randomly. Set the distance to something small so you move as if you were running (maybe a bit faster) and just leave your phone on to gain [kilometers]."

There are two practical uses for spoofing GPS like this. The first is to make Pokémon Go think you're somewhere you won't or can't go, like a special gym somewhere in Japan or the home of a rare Pokémon somewhere in New Zealand. The second is just plain laziness: items and experience in Pokémon Go grow the more you walk around, so GPS spoofing could be used to convince the app you're walking miles and miles every day.

Compared to the security researcher who found that convicts confined to home arrest could use GPS spoofing to evade their sentence, or the researchers who found that GPS vulnerabilities could mess up air traffic control and military communications, this is a pretty trivial exploit.

But that doesn't mean you can expect Niantic to turn a blind eye to this. Pokémon Go's terms of use warn players not to use "any unauthorized third-party software (e.g. bots, mods, hacks, and scripts) to modify or automate operation," or "attempt to circumvent any restriction in any Service," including restrictions on geography. If you do, Niantic has the power to "suspend or terminate your access to some or all" of the game.

The fear of Niantic's wrath is real. Its previous game, Ingress, was protected by an aggressive anti-cheating tool that banned players all over the world. When it first appeared, it took some members of the community by surprise. If Niantic's banhammer does come down on anyone messing about with Pokémon Go, it is likely to again be swift and merciless.