Possibly one of the biggest cultural crazes of the late 90s, over the last couple of weeks, Pokémon has made its return in the form of a mobile reality game called Pokémon GO. Free to download on Android or iOS devices, the game uses GPS to detect when and where the user is in the game and then uses the device’s camera to make Pokémon characters appear in the player’s surroundings.
A very clever concept, Pokémon GO reached the top of the app download charts within 5 hours of being released and was installed on 7.5 million devices in just a week…but how safe is the app? Are Pokémon Go users exposing themselves to a range of security risks?
When Pokémon GO was first released, it was only available in a selected amount of countries. This meant that many users who didn’t have access to it started downloading it off unofficial app stores and websites, increasing the chance of the game being infected.
Due to its popularity, it only took 4 days for cyber criminals to exploit this demand and embed malware into unofficial downloads of the game. The malware specifically targeted Android users, and once installed, could access everything on the device including emails, contacts, photos, text messages and even get remote control over the device’s camera or microphone. Imagine if someone used their work phone to download the unofficial app and the phone had access to sensitive corporate information…
Is the official game safe?
Even if your employees are downloading the official version of the game, the app still has access to the phone’s GPS, clock and camera, and because the app is closely linked to Google, you have to sign up with a Google.com account. This means that users could be giving the app permission to see their Gmail, calendars, photos and even more. Due to the app being designed to track a user’s whereabouts and behaviour, it is quietly capturing a range of sensitive data off the device…would you want information from a company phone being shared outside your organisation?
While you may not have total control over what you staff do with their phones, it is important to provide your employees the appropriate training, remind them of your work mobile phone policy and help them recognise the potential dangers of downloading content from unofficial app stores.
While many are in a rush to ‘catch ‘em all’, it is important that your business doesn’t catch something much worse!