Security Implications of Pokémon Go


Aug 29, 2016

In some way, shape, or form, willingly or unwillingly, everyone is now familiar with the latest trending smartphone app, Pokémon Go. Whether you have the app, your kids have the app, your significant other has the app, or someone veers into your lane driving down the road playing the app, everyone is involved and having fun! Innocent and harmless fun, right?

If you were one of the people anxiously waiting for the launch of Pokémon Go on the app store, you most likely rushed to install the app without reading any of the security settings, permissions, or terms and conditions associated with running the application. The app initially had explicit access to linked accounts on both Android and iOS, without informing the user. So if you installed Pokémon Go the first week it came out and used your Gmail account to log in, you allowed the game full access to your Google account. The app had access to contacts, e-mail, Google Drive documents, and more. This privacy and security infringement was fixed in an update to the application about a week after its initial release.

The Pokémon Go app uses a mobile device's GPS location services to allow players to find and capture Pokémon characters around the world. The GPS is used to gauge proximity to landmarks called PokéStops, where you collect items that assist you on your Pokémon-catching crusade. The game also uses a technology known as AR (Augmented Reality), which is a method of superimposing aspects of the game on the reality around you using the cell phone's camera, microphone, and real-time GPS locations.

This aspect seems harmless too, right? What happens if you are at a government facility that forbids photography in certain areas? What if you take a picture of your Pokémon on your desk at work with proprietary customer data and PII (Personally Identifiable Information) in the background on your computer screen? Maybe the background of the picture includes a username/password on a sticky note as well?

Spoofed versions of the app have been discovered recently. Fake websites have started to surface offering Pokécoins and other game enhancements in exchange for filling out surveys or visiting unsavory websites. Surveys may seem harmless, but they can collect PII which could be used in identity theft.

In closing, if you choose to play this app, the best way to ensure privacy and security is to verify security settings when downloading and installing the app, and to install it from TRUSTED locations only. Keep the app updated and secure. Always be mindful of your surroundings. Pokémon Lure locations can be positioned in areas that pose a great physical security threat to individuals playing the game.

