Hands up those who would leave their front door unlocked and all their personal information like passports, identity cards, bank details, their children's details and even passwords left out for cybercriminals to exploit?
Not many of you? Well, you will be surprised because that's exactly what Pokemon Go players are doing. If you sign up with your Google account, there are some nasty surprises waiting in the dark. Researchers have found the app has full account access which means the app and its creators have access to your search history, personal information, Google photos - well actually everything in Google Drive, location history and much more. Not only can the app read your data, inbox and calendar it can potentially also modify it. So, in theory the makers of the Niantic could potentially send emails on your behalf, copy all your photos and post them online and expose all your personal information. So players, be aware of what you are signing up to.
All this data has very serious consequences on privacy. There also another potential risk, Pokemon Go is only available in certain countries so keen players in other geographic locations are downloading the Android version through unofficial channels. Hackers have already posted malware infected versions to some of these onto download sites which means they have complete access to your phone to commit crime - like, sending fraudulent emails, setting up new accounts, downloading illegal content e.g. pornography and making social media posts on your behalf.
Pokemon Go players beware! You have been warned...
Author: Rashmi Knowles
Category: RSA Fundamentals, Blog Post, Securing the Digital World
Keywords: Pokemon Go