Pokémon GO - What are the security and privacy risks?

Who I am
Tom Chatfield
@tomchatfield

Summary

  • DroidJack malware
  • Pokémon GO, an intrusive application
  • An inevitable phenomenon
  • Risks in the real world
    • Car accidents
    • Crowd movements
    • Breach of private property
    • Assault and ambush

Since its release, Pokémon GO has represented a significant risk to the security and privacy of users. Initially offered in only a few countries (), the game has aroused the envy of many users around the world. The latter were quick to download the game unofficially on alternative sites.



DroidJack malware

This strong demand has attracted the attention of malicious people. Just four days after the game's release, cybercriminals assembled a package including Pokémon GO accompanied by dangerous malware, and made it available to Internet users on the web.

Called DroidJack, this malware targets Android users. Once installed, it is able to access all content stored on the phone including emails, photos, contacts, messages or videos. Moreover, hackers can take control of the smartphone remotely, and secretly activate the camera or microphone to spy on their victim.

Pokémon GO, an intrusive application

This problem was quickly resolved by the deployment of the game in 37 different countries, including France. However, even the official version of Pokémon GO poses a risk to user privacy. Once installed on a smartphone, the app can access GPS, clock and camera in order to use Google location data.

Recall that Niantic Labs, the game's developer, is largely owned by Google. Players must also log in using their Google account. Hence, users simply allow the app to spy on their Gmail account, calendar, photo gallery, and more.


Right off the bat, Pokémon GO is an application designed to monitor and study the behavior and movements of users. While focused on Pokémon hunting, players are unaware that the app is collecting potentially sensitive data.


Following numerous complaints and warnings from users, Niantic Labs was quick to reduce the number of permissions requested by the app. From now on, the game is content to access the basic information of the players' Google account. However, Pokémon GO is still very intrusive compared to most mobile apps.

If unfortunately Niantic Labs is hacked, all information collected and stored will end up in the possession of cybercriminals. They will know everything you do and can use your habits to rob your home or blackmail you by threatening to post your most personal content.

An inevitable phenomenon

The risk is all the more important since it is difficult to escape the Pokémon GO phenomenon. Even if you are not playing yourself, it is likely thata family member, co-worker or friend people around you have the app running in the background on their smartphone at the time you read these lines.

Within a company or an organization, this finding is even more worrying. Sensitive data related to the activity could be stolen through the application. In Israel, the army has just banned the use of Pokémon GO for fear that information such as the location of weapons stocks or photographs of military bases are found on the run. This decision was also made following the injury of a soldier who was playing Pokémon GO.

Risks in the real world

In addition to IT security, the danger of Pokémon GO indeed concerns the physical integrity of users. With their eyes riveted on the screen of their smartphone, many players forget to renew their information and we can no longer count the number of accidents related to the game. For pedestrians, it can be a simple collision with a passer-by or a post, without more gravity.



Car accidents

However, a large number of people do not hesitate to play Pokémon GO while driving, in the hope of covering a larger area and thus catching more Pokémon. Gambling-related car accidents are extremely numerous, and this is a very disturbing phenomenon that could lead to terrible tragedies.

Crowd movements

Another danger comes from the crowd movements caused by the game. When a rare Pokémon appears in a place frequented by many players, massive and frantic movements are caused. The most memorable to date is the appearance of an Aquali in Central Park, which caused a real rush, with people going so far as to leave their cars in the middle of the road to hunt down the virtual creature.


Breach of private property

Likewise, there are several miscellaneous facts about people Breaking into private property in an attempt to seize a Pokémon or conquer an arena. the 

Assault and ambush

Now, since the game's last update, Niantic Labs is warning players not to play while driving and to respect other people's property every time the game starts. However, there remains a major risk, that of the traps set and aggression linked to gambling. Some evil people do not hesitate to wait for players near a rare Pokémon or an isolated PokéStop to ambush them and steal their money.


In conclusion, Pokémon GO comes with significant risks, which can affect you even if you don't play it personally. In addition, the incredible success of the game certainly signs the advent of a golden age for augmented reality applications. Many games in the tradition of Pokémon GO are likely to see the light of day in the coming weeks, and all of them will require access to your personal data.



add a comment of Pokémon GO - What are the security and privacy risks?
Comment sent successfully! We will review it in the next few hours.