Mobile App Security: Pokemon Go
Pokémon Go has taken over the mobile world by storm.
The game has gained a large following the last few days, adding up to $11 billion in Nintendo’s value. It’s a great little GPS-powered, augmented reality game that lets you hunt for Pokémons based on your location.
As the popularity of the cool app grows, so do the concerns for internet user safety and security.
While many were trying to hunt for Pikachu in their neighbors’ backyards, the developers of the game, Niantic, were trying to fix a security bug on the iPhone version of the game.
According to Principal Architect at Red Owl Adam Reeve, when you signed into Pokémon Go with your Google account on your iPhone, you essentially gave it full permission. Reeve claimed that the game now had the ability to read your Gmail, check your search and Maps history, get access to your Google drive, private photos, and much more.
The talk on the subject led Al Franken, the Democrat Senator from Minnesota, to contact the makers of the game and address the issue – forcing Niantic to respond immediately and change the permission level the game needs to access in order to fully function on your phone.
This is just one example that illustrates how popular apps can encroach on user privacy in dangerous and unseen ways.
Many apps are in the business of getting more permissions from your phone than they should. Some, like flashlight or compass apps, will ask permission to know your location. Facebook was found to share your location, without your consent, to recommend new friends to its users.
Even if the consent was received from users, studies show that most people don’t even bother to read the terms of agreement and simply click “Accept” or “I agree to these terms and conditions.” Even if those Terms & Conditions request them to give up their first born child, or to get one by 2050.
Essentially, mobile phone users are filling their devices with apps that offer increasingly demanding T&Cs looking for more access to private information.
Malware and other threats
Another issue that arose with the international Pokemon Go hype – was the mass of illegal app downloads from outside the Google’s Play Store – many of which were filled will malware. As eager Pokemon trainers were anticipating for the app to be made available in their country, several look-a-like apps and apps promising to fake one’s GPS location to access the game, in fact were often scams looking to lure eager fans, targeting their private info.
Installing fake apps can give access to hackers who can download user’s data, steal their identity or banking information, send emails on their behalf and so on.
Every Internet user should be vigilant and aware of some basic rules in order to stay safe online – whether they are shopping online, downloading a game or doing an online banking transaction.
Mobile device security tips
1. Stay away from public Wi-Fi
It cannot be stressed enough how dangerous it is to share your personal or financial information over the web while using a public Internet connection. Public Wi-Fi networks are common hunting grounds for attackers and data snoopers who try to access your personal information and use it for their benefit on your expense. Since public networks have negligible security, you should try and avoid using them while making online payments.
2. Be wary
Being vigilant can help you a lot in the task of shopping online, downloading software or doing any other transaction online securely. Whenever a website requests for more information than is usually required, like your Social Service number or any other kind of personal information, it usually spells fraud. You should always be cautious before giving your personal or financial details anywhere on the Internet.
3. Use a VPN
VPNs encrypt all the data you share across the Internet on any website. They are the best security mechanism you can employ to make sure the data you share over the Internet is safe from prying eyes and remains confidential. NordVPN offers extra safe encryption protocols, has good global coverage and offers unique data routing solutions like DoubleVPN servers.
4. Be careful of P2P downloads.
The recommendation is to stick to app stores as well as known third party providers, such as Amazon, when you download any apps from the Internet.
5. Sign-Out of info-sharing/tracking services
We also recommend never signing into any app or software with your Google or Facebook account.
Remember, your privacy and security is ultimately in your hands, so it’s best to remain vigilant.
Got any other tips and tricks for Pokémon Go or the other mobile apps? Let us know in the comments below!