There hasn’t been app that has exploded this quickly in a long time — possibly ever.
An “augmented reality” game that combines geocaching with a kids’ favorite from the 90s- 00s, Pokémon Go is already nearing 10 million downloads. And you can hardly go on social media without finding someone either bragging about snaring a rare Bulbasaur or begging for an explanation of the phenomenon.
On Monday several stories broke about privacy concerns about the game so we ran them by our Security Advisor Sean Sullivan who had some good news for us: The stories are mostly overblown.
Let’s go through them.
You heard about the robbery of Pokémon players drawn by robbers to PokéStops?
“The robbery stuff is hyped nonsense, allegedly happens once, and the press can’t resist telling the story,” Sean told us.
If you’re really worried, practice the same tactics you use when trick-or-treating — including sticking to well-traveled areas and playing with friends.
How about Niantic, the app’s maker collecting “your email address, IP address, the web page you were using before logging into Pokémon Go, your username, and your location.”
Sounds bad right? Maybe. But it’s “typical of most apps,” Sean says.
Still, as always, you should check you privacy settings.
What about the news that the app gives Nitantic full access to your entire Google account, which you have to use to create an account for the game!?
Turns out that the maker was never able to read your Gmail and the permissiveness has more to do with Google’s settings than Nitantic’s.
However, to play, you may still want to create a separate Google account that isn’t connected to your Gmail as F-Secure Labs explains below.
Yes, criminals are taking advantage of the app’s popularity and Android’s laxer security standards — at least compared to the iOS App Store — to spread infected fake “backdoored” versions of the app.
But that’s true of many, many popular Android apps, which is you should always stick to the official app stores and check reviews before downloading.
Sean is a known fan of Nintendo, which owns the Pokémon brand, so he may be a bit biased. But all he has is good news for you, for now.
Given the success of the app, you’re bound to hear many stories that stoke suspicion both of the app and the players. You’re also likely to see many imitators who will take advantage of how the app has exposed adult’s urges to play games on their phone that actually bring them into public.
And, of course, there will be efforts to monetize this sensation. Players can already buy virtual items to speed their progress, but augmented reality presents unique advertising opportunities.
“The game’s real-world nature also gives Niantic another intriguing moneymaking possibility, by charging fast-food restaurants, coffee shops and other retail establishments to become sponsored locations where people are motivated to go to pick up virtual loot,” the New York Times reports.
These partnerships may spark new concerns about sharing players’ location data with ad partners. But for now, people seem very willing to go out into the world and make themselves known as Pokémon Go players.
While the success of Pokémon Go may be extraordinary, the privacy and security concerns are typical of any well-known app.
[Image by Noah Cloud | Flickr]
This is a guest post from an F-Secure fellow. Hi, my name is Matti Aksela…
May 22, 2017
Last week’s WannaCry outbreak caused havoc in many parts of the world before subsiding thanks…
May 18, 2017