Walking a dangerous line. Pokémon Go and Unofficial API Projects

Pokémon Go is hard not to talk about these days. It quickly became the most popular mobile application in addition to pocketing upwards of 1.9 million a day. With nearly 30 million users and counting, there is bound to be bad eggs among them. We already touched base on the unfortunate abuse of public areas which resulted in the removal of Poké Stops (Ingress Portals), but now we are taking a look at the development side of things.

For those unaware, an API is simply is a program interface. This allows both the Android and iOS versions of the game to “talk” to the same servers. What is commonly confused is the line between an official public API and an internal one. It should be said immediately that no official API exists.

This immediately makes 90% of the released tools against the Terms of Service.

attempt to access or search the Services or Content, or download Content from the Services through the use of any technology or means other than those provided by Niantic or other generally available third-party web browsers (including, without limitation, automation software, bots, spiders, crawlers, data-mining tools, or hacks, tools, agents, engines, or devices of any kind);

So what is the problem?

In short. These applications go against the nature of a GPS based game like Pokémon Go. In Ingress, Niantic’s first game, those who spoof (Modify GPS to be somewhere they aren’t physically), multiple accounters (multiple account owners to get around inventory limit) and more abusers are looked down upon.

They tarnish the miles driven and work spent of those who play legitimately. Ingress grew in popularity very slowly, and it was a strike against your team’s pride to be caught allowing cheating. This led to self policing among communities in order to keep things clean.

This is not the case for Pokémon. At all.

We are at a point where major blogs (The Verge, Ars Technica, Gizmodo and more) are reporting and bringing attention to Terms of Service (ToS) breaking applications. I’m trying to write this post without bringing further attention to these projects, but I’ll provide enough info to give some understanding of the issue.

Pokemon Go Live Map

Shown above is a project that started 7 days ago from the culmination of open source community research. It has 5,839 stars and 1,793 forks on Github as of this writing and led the “trending” on GitHub for days. This project, for those unaware taps into the internal APIs that Pokémon Go provides in order to detail live Pokemon spawns, Gym ownership and Poké Stops.

Your first thought might be “thats amazing!“. I can’t lie, as another developer that the project itself is a neat one. I just keep remembering and standing by the computer ethics class I took in college in which I remember that this game wasn’t meant to be played this way.

I’m no stranger to ethics either. I maintain a tool known as Apktool, a project whose literal purpose to is decompile Android applications. I’ve also been banned from Xbox Live nearly 6 times and lost multiple xboxes to bans. I walk a dangerous line among Terms of Services of companies and Ingress and thus by extension Pokémon Go taught me to be more ethical.

Pokémon Go is having growing pains, but who can blame them. The traffic and usage has been insane. This led to multiple “Is Pokémon up?” bots that literally just pinged servers in order to test the response. Features such as the “step tracker” and “Google map” preview of captured Pokémon have been disabled to help handle the load.

What I can safely assume is that the nearly 50-100 projects that exist now that use internal Pokémon APIs are not helping the server problems experienced the past week. Especially when authors’ of the tools have admitted to having multiple accounts ranging from a few to 5,000.


Taking a step back.

It gets worse. These projects have evolved into the following

  • Automated Pokémon Capture
  • Automated Spoofing (GPS modification)
  • Automated alerts for Pokémon in area.
  • and more.

I get a bit upset when I see responses to these tools such as “I can play at work now”. At what point is unofficial automation too much? In a few weeks after you have automatically captured every Pokémon and auto obtained gear, was it worth it?

If you try and do research for Ingress APIs, your research will be strikingly low in comparison to Pokémon. The abundance of open source and enormous population in Pokémon Go led to an explosion of projects.


This isn’t a kill joy.

I’m not trying to say all unofficial work on Pokémon is bad. One of the best unofficial projects on Ingress is known as IITC, which evolves the Intel map to new levels. However, IITC understands ethics and attempts to sway any development that can be abused. Plugins that “export” data or create additional requests instead of modifying existing are turned down in this project.


I write this to protect you. Most of the popular live Pokémon maps are powered by simple dummy accounts using up server resources to bring the information you crave. These will be banned as Niantic does not want these projects. Other projects require your credentials to function, this moves the target of future bans to you. During my research of the history of Ingress, I talked about the shutdown of multiple unofficial projects. Those projects who refused the notices were left with bans on their remaining users, leaving players who spent days and hours of work without an account.

So the next time you encounter a tool that can easily “auto hack” Pokémon for you. Ask yourself, “Does this violate the spirit of the game?“. I’d venture to say that your answer for most of these tools will be yes. Police your own communities and hold everyone to an ethical standard. If you don’t, I imagine once Niantic can relax from the onslaught of population, server overload and business contact bans will be issued.

They are frequently issued in Ingress to keep the playing field fair and if Pokémon ever wants to evolve to the Anomaly style events that Ingress hosts, the use of these tools will not be allowed. They have risen to the public and open eye where they normally hide in the shadows of Ingress.



Obviously there is a time and place for unofficial work. How else do you think we have high quality graphics of Ingress medals and Pokémon assets? Judge every decision with an ethical compass. Don’t break the spirit of the game and enjoy playing whatever game of these two interests you!