Pokemon Go – A Very Quick Primer on Security and Safety to Think About

pokemonThe world has a new app that actually gets people off the couch and into the world. These game players actually have to walk and are secretly getting exercise. I wonder if the game maker has a secret agenda to get exercise into people. It just might work. What on earth is going on out there? I’ve already fielded a couple of questions about the security of this app, and of the safety. So I pulled some details together.

A Joseph Bernstein article pointed out that Pokémon Go can tell a lot of things about you based on your movement as you play: where you go, when you went there, how you got there, how long you stayed, and who else was there. And, like many developers who build those apps, Niantic keeps that information.

This Hacker News article says this app gives full account access to your Google account. Here’s how to revoke it:

  1. Head onto your Google account permission page and look for Pokémon GO.
  2. Select Pokémon GO Release and click “REMOVE” button to revoke full account access.
  3. Launch Pokémon GO on your device and confirm it still works.

This will immediately revoke the Pokémon GO app’s access to your Google account, but the downside is that users may lose their game data.

And then there is the potential danger this app can involve people in. Like this report of a robbery where a man stopped to pick up the game token and four kids robbed him at gunpoint. In the same article a teen reportedly found a body in a river.

And of course, there are versions of Pokémon Go for the Android phone that contains malware, which can infect the entire phone giving full and complete access of the device and anything you might attach it to. (Think of the kids: what kinds of information is on their device I wouldn’t want anyone to know about…location? Where they hang out? Where they live? What are their travel patterns?) From an AgStar perspective we don’t use Android phones so all is good there.

If you are like me and really have no idea what Pokémon Go is then this guide will give you all the details.

Now, I tend to be a bit old fashioned perhaps. My kids grew up with Pokémon and I did my best to resist their interaction then; to no avail. Today my sons are 23 and 25 and are caught up in this phenomenon again; a reminder to me that Pokémon was a bane to my existence.

As a parent today, I would recommend learning everything you can about the game. Then take the time to go over the ground rules with your kids. I would also be concerned about the information the game maker draws off of the phone. As a security professional the best thing you could do is not install it and don’t get caught up in the craze. As a realist, your kids (and you, be honest) will download the game and get caught up in the craze. Just be careful where you are walking, and don’t play while driving. While that is going on let that voice in the back of your head worry about what kind of information about you is getting pulled out into the dark web. It’s happening.

 

This is a Security Bloggers Network syndicated blog post authored by Jeff Evenson. Read the original post at: Security Friction