Pointy-Eared Yellow Creature Used as Bait to Rob You and Access Your Private Information

July 14, 2016

Does the thought of a little yellow pointy-eared creature bring back a feeling of nostalgia for you? If so, you’re not alone. The creators of the Pokémon games have figured out a way to bring back the popular critter and create a craze once again, both for those who grew up with it and for a new generation of fans. This time, they use a free game app called Pokémon Go, which has been luring people to parking lots, rushing river banks, parks at night, and in some cases to their deaths. And that's not all. It also tracks your every move and accesses your personal data.

In basic terms, Pokémon Go uses the GPS, clock, and camera from a user’s smartphone to detect where and when a player is in the game. Then the little Pokémon creatures “appear” around the area (actually on the phone screen) so that they can be captured. As the players move around, more Pokémon will appear. The idea is to get people to travel around the real world to catch the Pokémon.

It's fun for everyone, but there are some concerns about privacy, particularly for those using the game on iOS. It's been reported that users logging in with their Google accounts are also allowing the game's developer, Niantic, access not only to their location, but also to their calendar, their contacts, their browsing history, and all of their photos. Basically, anything you access with your Google account, Niantic can now access too.

That said, let's not get carried away. Niantic isn't snooping around your device to see when you have your next dinner date. However, this does highlight that many apps, not just Pokémon Go, ask for much more access than they need. Always pay attention to what any app is asking permission to use. Unless it is a calendar app, it probably doesn't need access to your calendar, and most apps don't need access to your microphone. So, don't give them those rights. It's always good practice to go into the settings for your apps afterward and make sure you are not giving them more access than they need to function properly.

Also consider whether or not you want to sign into any app with another account such as Facebook or Google. If you do, make sure you check the privacy settings for those accounts too, because whatever rights you give them, you are also giving to the app that uses the account login. It's better to just create a new account in the app or game itself. This allows you to control each one separately based on just what it needs to function.

There is a reported workaround that removes the additional access for Pokémon Go: go into the security permissions of your Google account and revoke the game's permissions. According to a blogger on CNET, it seems that you can still use the game as long as you are still signed in. However, if you get kicked out or close it, you will need to revoke permissions each time.

Niantic knows of this issue and is working on a fix. If you are one of those early adopters of the game, you should apply the fix as soon as it is available. Otherwise, consider waiting a few weeks before jumping on the bandwagon and letting them work out some of the bugs.

In addition to the privacy issue, there are physical security concerns as well. Police in St. Louis, Missouri have warned that criminals are using the geolocation feature of the game to lure players to isolated locations and rob them. At certain levels, players can congregate at places to engage in virtual battles, and another feature supposedly allows the creation of beacons to lure players to a particular place. All of these create more dangers.

It’s always a good idea to seriously consider how you want to use all the features of smartphones these days. While using geolocation features allows you to do a lot of great things with the device, it can also tell others with nefarious intentions where you are and when.

Keep in mind that often, the more popular an app, the more likely it will eventually be used for spreading malware, and this one is already extremely popular. In fact, some are saying this game is on the verge of overtaking Twitter on Android in terms of daily active users. If you download any game or app, make sure you get it from your device’s official app store. Getting it from elsewhere is called sideloading, and that comes with added risks that aren’t as high when you use the Apple Store, Google Play, or other official store.

Pokémania is getting a second wind. Although the game has only been available in the United States for a little over a week, it is causing incidents. People are so busy staring at their phones that they aren’t paying attention to oncoming traffic and are getting hit or doing faceplants on sidewalks, and in one case a teenage girl stumbled upon a dead body when tracking down one of the little critters. If you happen to be near a police station, it’s not advised to go lurking around either. Police in Duvall, Washington, while encouraging game play, have advised players to “be smart about it. One way of NOT playing smart is to go creeping around the Duvall PD.”

© Copyright 2016 Stickley on Security