Food for Thought: How Pokémon GO Can Impact Your Firm’s Security
Unless you’re living under a rock, you’ve at least heard rumblings about the newest app craze to hit the market: Pokémon GO. In existence for a mere 6 days thus far, Pokémon GO has already amassed more daily users than Twitter and Snapchat. And we’re not just talking about kids and millennials here. The app seems to be, perhaps unexpectedly, popular with users of all ages.
The potentially big concern to be aware of is the information users are making accessible to the app’s developer, Niantic Labs. To play the game, a Google login is required (unless you have a login with Pokémon), meaning the permissions you grant to the app include giving access to your full portfolio of Google accounts. That means email, contacts, calendar, photos and files. Even scarier, if you use Google Apps for Work, what information are you unwillingly providing to Pokémon GO?
If you’re a public cloud user and leverage Google Apps for corporate purposes, it’s worth taking the time to research the potential privacy and security impacts if your firm’s users also happen to be Pokémon GO users. At just six days old, there’s likely plenty more to be learned from the app, and the developer will likely be sharing more information in the near future on security permissions and settings.
Other potential security concerns to be aware of:
Niantic Labs has noted that it may disclose information about Pokemon GO users “…to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (a) to respond to claims, legal process (including subpoenas); (b) to protect our property, rights, and safety and the property, rights, and safety of a third party or the public in general; and (c) to identify and stop any activity that we consider illegal, unethical, or legally actionable activity.”
Because the app was initially only released in limited counties (US, Australia, New Zealand), people from other countries have attempted to gain access to the app through unofficial channels. Taking advantage, hackers have already begun to post malware-infected versions, hoping to steal or compromise user information once the malware is installed.