Released in early July, Pokémon Go is the latest mobile app craze to hit the smartphone market – with close to 8 million downloads since it was made available to Android and iOS devices, according to U.S. estimates.
Using your mobile phone’s camera, GPS functions, combined with augmented reality technologies; Pokémon Go challenges you to catch all the Pokémon creatures, train them, and be a Pokémon master as the end goal.
The game allows you to explore the real, physical world while searching for the myriad creatures in the Pokémon kingdom. When near a body of water, there’s a higher chance to “catch” a water Pokémon; when in a forest, a more woodland type creature; and so on. Once a creature comes up on your screen, you then throw your Poké balls at the Pokémon to capture it.
Pokémon Go also enables its users to battle for gyms with other users or the app’s artificial intelligence. These “gyms” are specific locations in your area where Pokémons can be trained to attain higher levels.
Along with this latest craze however, come some risks.
The latest gaming app was downloaded 8 million times within a week of its release; however, it poses some security risks.
On a physical level, the game could expose careless users to actual bodily harm. Not paying attention to your surroundings while playing the game could lead to minor injuries like tripping over something, or much worse.
There have also been some cases in the U.S. wherein users trespass into a stranger’s property while on the app – just to catch some elusive Pokémons. This could lead to a wary homeowner to use force against the unintentional trespasser. There have also been reports of criminals utilizing the app to lure unknowing victims into their locations to rob them.
The risks do not end there, though. Less than 3 days after Pokémon Go’s release in the mobile app market, Trend Micro was able to identify a modified version of the game that included a malicious remote access Trojan. Called DroidJack, and identified as AndroidOS_SANRAT.A, the fraudulent app could be downloaded from third party file-sharing websites.
The fake Pokémon app targeted users from regions where the game is not yet officially available. DroidJack is capable of giving the hacker full control over the infected phone. Experts said that the fake gaming app is able to control an Android phone’s primary utilities, which include accessing, modifying, and making calls, text messages, contacts, camera functions, Wi-Fi connectivity, etc.
A number of media outlets were said to provide details on how to install the game from third party sources. These details included how to install the Android application package, which eventually lead to the huge server overload. Users passed the Android application package around so other users who were in areas the game was not yet available could side-load Pokémon Go.
The Pokémon mobile app asks for complete Gmail account details upon registration. This means that Pokémon Go and its developer Niantic could theoretically go through your email and Google drive data.
Experts also found out that iOS users of the app, when registering with their Google credentials, might not be totally aware of the app’s full account access conditions.
Niantic, however, said they did not access any private information aside from the login details, and the full account access for iOS users will be amended by Google.
“Pokémon Go only accesses basic Google profile information (specifically your user ID and email address) and no other Google account information is or has been accessed or collected,” said a spokesperson for Niantic.
As of this writing, there have been no reported cases of users being infected by DroidJack. It is, however, recommended to be aware of unofficial, third party app sources. The infected Android application package cannot be easily identified; it’s only difference would be the app’s permissions, something not everyone would check.
Downloading from legitimate mobile app stores is still the way to go. Taking into consideration what the app is able to access, and what risks come along with it, should always be taken into account before accepting any conditions or granting any permission to the app.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.