In one way or another, you’ve probably heard of Pokémon Go, the latest new app that seems to be taking over smartphones everywhere. When we first heard about the app, it piqued our curiosity, given our passion for cyber security. This led us to research how the game works, how to play it, and the possible security risks that come along with the game.
Firstly, it is important to note that this game is not an average smartphone game. It uses a technology known as augmented reality, which is a blend of real life and technology. There are many layers to this game, and there are many factors that come into play when using this app, such as using real time GPS locations, geocaching technology and the world around the user.
This game has literally become an overnight sensation and cybercriminals are looking to cash in on this huge opportunity in a variety of ways. Here, we will be examining the risks in the cyber realm and the real world while playing this game.
Cyber Security Risks
Trojanized Versions:
The app isn’t available in all countries yet, and some netizens just couldn’t wait. Just days after the official Pokémon Go App hit the market, researchers from Proofpoint discovered a Trojanized version of the app. So when downloading the app, be sure to only download apps from trusted sources such as the Google Play Store and the Apple App Store.
Online Scams :
As with all popular games, users scour the Internet for cheats and hacks. Scammers are already on top of this, as fake websites have started popping up offering Pokécoins and other power-ups for the game in exchange for filling out surveys or visiting questionable websites. Surveys may seem harmless, however, they can collect a lot of personally identifiable information about you, which could be used in identity theft.
Remember, if it sounds too good to be true, it probably is a scam. As of now, there is no legitimate way or “hack” to get Pokécoins except for buying them in the app.
Privacy Risks:
Review App Permissions:
It’s always important to evaluate what an app wants to access when it is installed. Sometimes, granting permission to access areas of your device can leave your personal information exposed as well as that of others. If it doesn’t make sense to you, such as an app requesting permission to access your phone and SMS capabilities, always deny the app access to that part of your phone. Keep in mind that it may place limitations on how the app functions, or it may not function at all without the requested access. It’s really up to you to decide how much privacy to give away for a game, but at least be informed.
Currently some iOS users and some Android users do not get asked permission to access anything. If signing in via Google, you are potentially allowing the game full access to your Google account. This means that the app has access to your contacts, e-mail, Google Drive documents, and more.
Niantic released a statement saying that they are aware of the issue and working on a fix. While you wait for this fix to come out, you can revoke permissions for Pokémon Go from your Google account on this page.
CONTINUE READING…
