Securing the Digital World

Play Pokemon Go? Know the Risks and How to Mitigate Them

Jul 15, 2016 | by Zulfikar Ramzan, PhD.

Unless your home has been inside of a cave for the past week, you've certainly heard of Pokemon Go. Scratch that. Even if you have been living inside of a cave, chances are that someone inadvertently entered in hopes of locating Pikachu.

While the game has become seemingly ubiquitous, you should be cognizant of some important risks. This blog post covers those risks and suggests what you can do to mitigate them.

One way to sign up for a Pokemon Go account involves using your (existing) Google Gmail account as a conduit. As a result, the creators of Pokemon Go, Niantic, are effectively given access to that account.

It has been erroneously reported by some that Niantic has full carte blanche access, but that doesn't actually appear to be true. They have more restricted access and claim that they only request a small amount of information from Google. Still, it's important to keep in mind that what an organization actually accesses is not necessarily the same as what it can access (and, more so, what it may be able to access in the future).

In other words, even if Niantic only intends to access a small amount of data, they are actually capable of accessing more. Of specific concern are situations where Niantic is hacked from the outside or a rogue employee decides to abuse the access he or she already has.

The simplest way to alleviate this risk is by creating a secondary email account that is dedicated to Pokemon Go. Moreover, you should avoid co-mingling data on that dedicated account with data on your primary Gmail account.

The other risks to be wary of are installing rogue versions of the Pokemon Go application or apps that purport to somehow help you with Pokemon Go. Such cases have already cropped up. If you download the app and/or any helper apps, be sure to only do so through official channels, like the Google Play store or the Apple App store. Moreover, be wary if it looks like the app is not popular or only seems to be used by a small number of people. In such a case, you may be dealing with an actual rogue app that somehow infiltrated the walled garden.

Beyond cybersecurity risks, there are physical security risks to Pokemon Go. (Take a look at this article from CSO.) As users roam with impunity, obsessed with trying to find a Charizard, they may not be wary of their physical surroundings - whether that involves traipsing over the edge of an ocean bluff or winding up in unsafe neighborhoods.

If the active user count is any indication, Pokemon Go is clearly addicting. But as with any new technology concept, you have to be wary of the pitfalls. I hope you take into account the caveats I mentioned as you strive to catch yet one more Coventry.