The success of Pokémon Go has been truly unbelievable. But while parent company Nintendo has enjoyed rising stock and players have enjoyed the game, there has been a darker side to this augmented reality app.
There have been numerous reports of criminal activities related to Pokémon Go ranging from armed robbery to phone snatching of distracted players. That poses a question: how long will it be until cyber criminals start to breach the phenomenally popular game? Let’s look at how vulnerable the app is to hackers.
A target for hackers
It’s not surprising that Pokémon Go is such a target for hackers. It is currently estimated that there are more than 10 million active users – and many more who have signed up. It is also true that the app demands a lot of privileges from your phone, so there is an awful lot of data available to cyber criminals who could penetrate the defences.
Players currently need to give access to their camera, Google services and, crucially, their location at all times. Some believe that it is only a matter of time before malware is able to infect the game and take data from unsuspecting players.
Niantic have already admitted mistakes
Given the level of data that the game demands, you would hope that the defences are going to be strong enough to keep players safe from hackers. However, creator Niantic has already admitted that they have made a mistake. According to the company, they never intended to request such comprehensive access from users’ Google Account and that it was actually an error from the app.
The developer has now said that they intend to reverse this and only get the data that they need from users to run the game (the email address and user ID, so that it can be linked with your Pokémon Go account). However, this oversight appears to leave players vulnerable as the app currently has access to all of their emails and search history through Google.
Fake versions of the game
If this wasn’t worrying enough, it’s also true that there are other potential problems that users need to worry about. Many users in the UK were able to get the game on their phone before the official release. This was achieved by ‘sideloading’ the game onto a phone without using the official Android or iPhone store. It is believed that many users who have done so are now especially vulnerable to hacks as they are not afforded the protection from the official stores.
It should also be noted that there are a huge number of companion apps available in the stores, many of which are not official. These apps could potentially be dangerous as they may have been created by programmers with malicious intent. They could be using the popularity of Pokémon Go in order to spread viruses and malware.
What can you do?
If you’re worried about the potential for Pokémon Go to be hacked, there are a few different steps that you can take to keep your phone and data safe. Firstly, you should install security software on your phone. This is good practice whether you use the app or not.
One way to keep your Google account safe is to create a secondary account through Google and then sign up to Pokémon Go using that second account. You should also avoid downloading and using unofficial companion apps as there is no guarantee that these are reputable.
This post was written by Mike James, an experienced tech writer and occasional contributor to ForeverGeek, working on a project with cyber threat prevention specialists Redscan.