Pokemon Go is the app that has taken the world by storm in an unprecedented fashion. It has quickly skyrocketed to the top downloads list and has broken a variety of mobile app records. It currently competes with and sometimes surpasses such giants as Twitter and Facebook in terms of the amount of time spent and the amount of money earned. Basically, everyone is playing Pokemon Go or at least knows someone who is.
Popularity and Security
While this popularity is great news for the developers, and Pokemon Go is indeed a very unique and addictive game, popularity tends to be bad from a security standpoint. At the most basic level, this popularity invites hacking. Mobile apps are also one of the most hacked and most vulnerable programs available.
The nature of Pokemon Go also encourages players to congregate in certain areas like city parks or community buildings. These places often have Pokemon gyms were battles and the more exciting elements of the game take place. They also tend to have an above average concentration of Pokestops, places where players can earn experience and items every five minutes by visiting them. A mass of players in a small area all playing on the same interconnected app represents a haven for short range hackers who could be trying to exploit the game to access a person’s device and personal information. This risk greatly increases if the players are connected using the same WiFi hotspot or local network.
Permissions and Access
One alarming concern with Pokemon Go at its release was the unprecedented level of account access the app requires. The majority of apps request only the minimum level of access required for the app to function. While this sometimes looks ominous, for example the ability to access contact information, billing information or make changes to the hard drive, these functions are generally necessary for all apps. The act of installing the app is a change to the hard drive, so the program wouldn’t be usable without that permission. Access to in-app purchases wouldn’t be possible without access to billing information, and the list goes on.
Pokemon Go, however, requested full account access through Google. This was very alarming to security experts because full account access allows the program to do basically everything the user would be able to do with their Google account. This includes access personal information and files such as those stored on Google Drive. It would even include being able to make changes and delete those files. Obviously, this was far in excess of what the app needed to function.
The rumors and backlash created by this were quick and harsh and forced Pokemon Go developer Niantic to quickly take action. They put out a statement explaining that full account access was not intended or needed and that no abnormal information had been collected or accessed by the company. A patch was released that fixed these permissions, and Google made their own changes to restrict access back to a reasonable level. For all intents and purposes, the problem was resolved for current and future players.
Even so, the incident begs some important questions. One important consideration is how easy it was for so many people to give away this security and protection without even thinking about the possible consequences. In this particular case, Niantic seems to be a reputable company that truly did not access information, and the situation was merely an oversight. What might happen if hundreds of millions of people were to download such an app and unwittingly provide their information to a less reputable organization? The whole fiasco shows every hacker and scammer in the world just how easy it would be to dupe the masses.
The precedent for a massive identity theft breach has been created, and that precedent cannot ever be taken back. The best hope now is that the incident has alerted more people to the fact that they need to be careful and considerate about app permissions and what they give away with the simple click of an accept button.
Tracking, GPS Data and Cameras
Pokemon Go is also a relatively new phenomenon when it comes to what the apps does with a device. It provides continuous GPS tracking and also access the device’s camera. This leaves the potential for exploit by unsavory characters, the government and various companies who can collect a massive amount of very precise location data for many millions of people. This is usually used in a benign and even helpful manner to assist companies with businesses plans and the placement of products. There is still always the potential that a hacker or criminal could use the same system to track or stalk individuals without their knowledge or consent and collect a great deal of information about their daily personal lives.
Third Party Permissions
How to Protect Yourself
Taking extra steps to protect your online identity and information has become more important than ever before. The Pokemon Go phenomenon has brought this problem into the spotlight, which is good news because it means more people and companies may take action to prevent security breaches.
One of the best ways to get protection is to use a VPN service. A VPN encrypts all of the data sent out on the internet. It is a huge barrier against hackers and unwanted intrusions. Commonly, it has been the domain of businesses and schools to allow students and employees to access secure databases and servers on the go. With electronic security threats higher than ever before, it is worthwhile for individuals to make use of this service for protection.
The takeaway lesson from Pokemon Go is that consumers need to be more careful and more mindful about how they conduct themselves online, what they download and how liberally they give access to programs. It is more likely than ever that this situation will be repeated and that the need to be prepared and vigilant will remain.