In one way or another, you’ve probably heard of Pokémon Go, the latest new app that seems to be taking over smartphones everywhere. When we first heard about the app, it piqued our curiosity, given our passion for cyber security. This led us to research how the game works, how to play it, and the possible security risks that come along with the game.
Firstly, it is important to note that this game is not an average smartphone game. It uses a technology known as augmented reality, which is a blend of real life and technology. There are many layers to this game, and there are many factors that come into play when using this app, such as using real time GPS locations, geocaching technology and the world around the user.
This game has literally become an overnight sensation and cybercriminals are looking to cash in on this huge opportunity in a variety of ways. Here, we will be examining the risks in the cyber realm and the real world while playing this game.
Cyber Security Risks
Trojanized Versions:
The app isn’t available in all countries yet, and some netizens just couldn’t wait. Just days after the official Pokémon Go App hit the market, researchers from Proofpoint discovered a Trojanized version of the app. So when downloading the app, be sure to only download apps from trusted sources such as the Google Play Store and the Apple App Store.
Online Scams:
As with all popular games, users scour the Internet for cheats and hacks. Scammers are already on top of this, as fake websites have started popping up offering Pokécoins and other power-ups for the game in exchange for filling out surveys or visiting questionable websites. Surveys may seem harmless, however, they can collect a lot of personally identifiable information about you, which could be used in identity theft.
Remember, if it sounds too good to be true, it probably is a scam. As of now, there is no legitimate way or “hack” to get Pokécoins except for buying them in the app.
Privacy Risks
Review App Permissions:
It’s always important to evaluate what an app wants to access when it is installed. Sometimes, granting permission to access areas of your device can leave your personal information exposed as well as that of others. If it doesn’t make sense to you, such as an app requesting permission to access your phone and SMS capabilities, always deny the app access to that part of your phone. Keep in mind that it may place limitations on how the app functions, or it may not function at all without the requested access. It’s really up to you to decide how much privacy to give away for a game, but at least be informed.
Something to be aware of at the time of this writing:
Currently some iOS users and some Android users do not get asked permission to access anything. If signing in via Google, you are potentially allowing the game full access to your Google account. This means that the app has access to your contacts, e-mail, Google Drive documents, and more.
Niantic released a statement saying that they are aware of the issue and working on a fix. While you wait for this fix to come out, you can revoke permissions for Pokémon Go from your Google account on this page.
Privacy Policy and Terms of Service:
It’s important to take a look at these documents in order to see what the app plans to do with your personal information.
One notable issue in the terms of service located inside of the app is that the links to the privacy policy and the Pokémon GO Trainer guidelines were not hyperlinked, and you have to agree to all three of them before gameplay.
Here are all three policies online so you can become informed before you download and agree.
- Pokémon GO Terms of Service: https://www.nianticlabs.com/terms/pokemongo/en
- Pokémon GO Trainer guidelines: https://support.pokemongo.nianticlabs.com/hc/en-us/articles/221993967
- Pokémon GO Privacy Policy: https://www.nianticlabs.com/privacy/pokemongo/en
Real World Risks
The game works by using augmented reality to lead you to various Pokémon so you can catch them, it uses Google maps along with your GPS to help you navigate to nearby Pokémon. The only way to make real progress in the game is to go outside and start walking.
In the physical world, users tend to become so engrossed engrossed in gameplay that they fail to pay attention to their surroundings and put their physical safety aside.
Injuries:
While the game always reminds you upon loading to be aware of your surroundings, it’s still pretty easy for users to inadvertently become “glued” to their screens while in gameplay. This can result in a lot of physical mishaps such as walking into trees, tripping over curbs and getting scratched and banged up in various ways.
Actually, you don’t have to be staring at your phone while walking around in order to see nearby Pokémon. You just have to leave it open and in your pocket as it will notify you by vibrating or making a sound when there is one nearby to catch.
Robberies:
Pokéstops are real-world locations that players flock to so they can interact with other people playing the game. There have been stories of criminals luring victims to Pokestops in order to rob them. Therefore, always be aware of your surroundings and the people around you, and if possible, team up and use the buddy system when venturing out to public spaces. Don’t be afraid to call 911 if you feel like you are in immediate danger or end up in a dangerous predicament.
Don’t play while driving:
Yes, there have already been stories of people driving around trying to catch Pokémon. Just don’t do it. Instead, bring along a navigator to handle the scouting of the elusive creatures, and when you find one, pull over safely and legally before you start launching your Pokéballs.
Your battery will die:
Because the game has to be always open while playing, and is constantly using your GPS signal and contacting their servers, this will be a huge drain on your battery. It’s a great idea to invest in a portable battery charger so you don’t end up lost with a dead phone in an unfamiliar area.
Use common sense:
I think the most useful section in the Trainer’s Manual is “Adhere to the rules of the human world.” This means obey local laws such as trespassing, looking both ways before crossing a street, being courteous and polite to other players and to watch where you’re walking! Another great tip is to always tell someone where you are going to be.
As with all things on the Internet landscape, it is always best to exercise caution, especially when being introduced to new technology. However, the fact that there are risks should not make users shy away from new things. The most important thing is to know the risks and be aware. Once you’re empowered with this knowledge, you can embrace this new technology and go catch that Mewtwo!