Pokémon Go has become an overnight success and the whole world is going gaga over it. With more users than Twitter, the game has become the new hotspot for cyber breaches and many users are now deliberating whether it’s safe to use or not.
How Safe is the App?
Many security researchers have expressed concern over the safety of using the app!
Pokémon Go uses your GPS information as well as camera, which expose you to share your private information. In fact, early this week users discovered the app had requested for full access to Google information, which means Niantic Labs, the game developing company will have access to read and send any of your Google messages, can access your Drive and Google Photos. That indeed is scary and many users were shocked at this privacy breach. However the company later came up with an explanation and both Google and Niantic confirmed that the app only accesses basic information (Name, email ids etc.). The issue appeared due to the use of an outdated shared sign on service by Niantic Labs for faster and easier sign-up process for players. However the develops have started work to fix the issue so as to not to confuse the users. After the new roll out the original app seems breach-free
No Compromise, Right? NO!
Does that mean users are not compromising their information to play the game? Well no! Attackers are targeting the app in many ways:
#1 Compromised Third-party app downloads
While the original app seems to be secure, there are many third-party APKs doing rounds of the world, especially in countries, where the app is not yet officially launched. The original app at the moment is available in 5 countries, but the rest of the world is tempted to get the app on their phone as soon as possible. That gives third-party app developers the opportunity to side- load the application on Android and iOS devices.
Security researchers found a few infected Android version of the app that has been modified to include malicious remote access tool named Droidjack. This DroidJack RAT allows attackers full access of the victims phone including personal information, images etc. Although the app hasn’t been downloaded in wild, there are some cases of security breach.
#2 Online Scams for power ups and upgrades
Getting a legitimate copy is not enough to be secure; users need to be mindful of the online scams. Every popular game has cheat codes, online hacks, and 3rd door buyouts for upgrades without paying real money. Scammers definitely make the most of it. When a user click on any such link, fake websites popup with many online surveys and clickbait ads. These may seem harmless but they can be used for potential identity thefts. Pokemon Go happens to be a free app, but it does come with in-app purchases thus allowing you to buy coins in order to hatch eggs faster, buy incense sticks to attract Pokemon and more. So stay away from these Pokecoin scams and rather buy the coins or wait for the eggs to hatch and the Pokemon to come your way.
#3 Play Fair or You May be Banned
People are going crazy playing Pokemon and have discovered many ways to trick the system; like tieng their phone to their pet dog or on their fan and several other weird things. Niantic saw it coming and has been imposing temporary bans on users who are found doing such activities. Trust me, they can find it out since they’ve your GPS information ;)
How to Secure Yourself from such Threats?
#1 Download from Legit Sources
The only way to save your phone from such threats is to wait for Niantic to release the official app in your region and download only from the respective app stores. Trust me, I can’t stress enough as to how important it is to use apps from legit sources.
#2 Don’t fall for free Pokecoins or Pokecoin generators
These automated generators are simply there to make the website owners some profit and collect your emails. They’ve never worked and they’ll not work this time. Also, be very mindful and don’t fill out forms that disclose your important private information to get those bonuses and cheat codes. You should rather pay those little bucks for game upgrades than ending up compromising your privacy and security.
#3 Update Pokemon Go
Updating Pokemon to the latest version is important because it prevents Niantic from accessing your complete Google account
And it doesn’t end with cyber threats!
If incidents of trespassing weren’t enough, There are reports in U.S that many lawmakers were seen playing the game on government areas. NewYork times reports the influx of people in their building in search of game characters. Many federal buildings reported visitors not because of official work but for the game. There also are many armed robberies of Pokémon Go users by criminals who used the game locations to track people. This is just not in the States, the whole world is affected with the game.
This potentially harmless seeming game may also possess serious implications for organizations. Many cyber experts are concerned about the impact the game will have on businesses and enterprise. The game has potential as malware hazard; Endpoint attacks and definitely affects the productivity of your employees.
Chester Wisniewski, senior security official at Sophos points out “It is an app designed to track you, Alphabet knows where you are at”. Alphabet, Google’s parent company is handling the location and point of interest data to make the game more engaging for users. But going by the statement of Wisniewski, this sounds ominous. This is too much information to trust with. All these users bring threat from many areas and these users are definitely working somewhere and they bring those threats to their workplaces. Making the harmless app a lot more dangerous.
Apart from that some employees possess critical company data on their phones, and with RATs and more and more cyber attacks using the game it could be pretty dangerous.
One-way companies can approach this is by setting out policies for which apps can be run on phones that holds key company information.
We live in a time, where anything very popular possesses a lot of threats. We would still hope you have maximum fun and enjoy the super cool game of this decade or may be the century. However, you should definitely look out for the information you share, the permissions you grant and do not go overboard with the game so as to threaten your privacy or even your physical being.