Playing Pokémon GO? Know the risks and how to mitigate them

AUGUST 2, 2016

While Pokémon Go has become seemingly ubiquitous, people should be cognisant of some important risks, says Zulfikar Ramzan, Chief Technology Officer, RSA, the Security Division of EMC.

According to Ramzan, there are cyber risks to playing the game, but there are also ways to mitigate them.

“Unless your home has been inside of a cave for the past week, you’ve certainly heard of Pokémon Go. Scratch that. Even if you have been living inside of a cave, chances are that someone inadvertently entered in hopes of locating Pikachu.

“One way to sign up for a Pokémon Go account involves using your (existing) Google Gmail account as a conduit. As a result, the creators of Pokémon Go, Niantic, are effectively given access to that account.

“It has been erroneously reported by some that Niantic has full carte blanche access, but that doesn’t actually appear to be true. They have more restricted access and claim that they only request a small amount of information from Google. Still, it’s important to keep in mind that what an organisation actually accesses is not necessarily the same as what they can actually access and, more so, what they may be able to access in the future,” says Ramzan.

According to Ramzan, even if Niantic only intends to access a small amount of data, they are actually capable of accessing more. Of specific concern are situations where Niantic is hacked from the outside or a rogue employee decides to abuse the access he or she already has.

“The simplest way to alleviate this risk is by creating a secondary email account that is dedicated to Pokémon Go. More so, you should avoid co-mingling data on that dedicated account with data on your primary Gmail account.

“The other risks to be wary of are installing rogue versions of the Pokémon Go application or apps that purport to somehow help you with Pokémon Go. Such cases have already cropped up. If you download the app and/or any helper apps, be sure to only do so through official channels, like the Google Play store or the Apple App store. More so, be wary if it looks like the app is not popular or only seems to be used by a small number of people. In such a case, you may be dealing with an actual rogue app that somehow infiltrated the walled garden,” says Ramzan.