By now you’ve likely heard of, or are at least familiar with the concept of, Pokémon GO, the most popular mobile game in U.S. history. But are you aware of the “dark side” of this cultural craze?
Whether you’re a concerned parent or a business owner/manager worried about how this game might affect corporate security, here are the answers to your most pressing Pokémon GO questions.
While most apps collect data about users, when Pokémon GO users first downloaded the app, they were required to sign in with a Google account and grant access for the app to use their data, camera and contacts. But that’s not all…
On July 11th, Niantic issued a statement that they had “recently discovered the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account.”
They assured users that although the mistake allowed them the ability to dive deep into personal data, the app only accesses a user’s ID and email address. The statement then read, “No other Google account information is or has been accessed or collected.”
Initial reports stating that Pokémon GO harvests detailed account information, like the content of emails, were incorrect.
But that information doesn’t matter to the owners of this popular app. They’re after something bigger – they want to know your location at all times so they can sell that information to advertisers.
Brands like McDonald’s (whose logo has already been found in Pokémon GO’s code) can pay the developers a big fee to turn their stores into desirable locations in the Pokémon universe. They’ll draw players to their location and encourage them to buy things “IRL” – in real life. Advertisers will be charged on a “cost per visit” basis, rather than a traditional “cost per click” basis, as Google charges through AdWords.
The combination of a massive number of users and a large database of user information makes this app the perfect target for criminals and hackers.
If Niantic’s servers were hacked, cyber criminals could potentially harvest all your personally identifiable information (PII). Though the company hasn’t mentioned how they plan to store the data, they promise they are taking appropriate measures to protect the data that hackers are doing all they can to get their hands on right now.
Pokémon GO has not only affected the cybersecurity of players, but it has jeopardized their safety in the real world.
Malware & Mirrored Websites
Since Pokémon GO was released in select countries only, cybercriminals jumped at the opportunity to create mirrored websites with fake versions of the app that contained malware and caused other harm to users’ smartphones. In just 4 days, they exploited this demand and assembled a repackaged download of Pokémon GO, complete with embedded malware.
Once a device was infected with this malware (specifically designed to target Android users), attackers could control its camera and microphone, and they could even enable remote recording. In a bring your own device (BYOD) work environment, this clearly creates a huge security risk for the organization the individual works for.
In one recent story, armed robbers lured unsuspecting players into a trap. The criminals used the geolocation feature to attract Pokémon GO players to a remote area and robbed them at gunpoint.
Although the Pokémon GO game has been well received, it is important that players make security a #1 priority no matter what.
Let’s be clear – Pokémon GO isn’t a unique BYOD threat. Any app installed on a personal device used for work is a potential risk, and the more popular the app, the larger the target. Since Pokémon GO is now the most popular mobile game in U.S. history, this app is a HUGE target for hackers right now.
This risk means there is a greater need for managed IT security and mobile device management (MDM). If employees are playing Pokémon GO on a personal phone they also use for work, this presents the risk of exposing sensitive business data in the event of an attack, in both the cyber and physical worlds.
With an MDM solution, business owners or managers have the ability to remotely wipe an individual’s data in the event the device is lost or stolen. This solution also allows for control over app management and restrictions on app purchases from non-approved markets.
According to CyberEdge Group*, the biggest security risk today for businesses is none other than mobile devices. Are mobile devices...