By Mike Cobb, Director of Engineering
Pokémon Go, the smartphone game that became an overnight worldwide sensation, may be more than a cute time-waster. It could provide cybercriminals with an entry point to your business and personal files.
Corporate security directors were already wringing their hands over employees who mix their work and private information on the same phone. Now, with the Pokémon Go phenomenon comes another threat — malware added to the treasure hunt game’s software might give hackers remote control access to everything on board.
On Aug. 4, the BBC reported that Iran had become the first country to ban the game, citing unspecified “security” risks.
Many problems have been traced to game downloads from third-party sources, where mal-intentioned software writers have posted tainted code posing as authentic gameware.
The Wall Street Journal reported that suspect software has been removed from the Google online marketplace, but any download from anywhere needs to be effectively vetted before installation.
What Can You Do?
Make Sure You’re Downloading the Correct App
There have been several Pokémon Go copycat apps and add-ons with similar names, but they have no direct connection to the game and may lead you to an entirely different and unsafe location.
Start by only downloading apps from Google Play (on Android) or the AppStore (on an iPhone). Both of these stores review apps before making them available for purchase and have been successful at weeding out most (but not quite all) malware apps. Do not download apps from any third-party app stores.
It’s good practice to know the maker of the app you want to download. Pokémon Go is made by Niantic Inc., so be sure that any downloads of this app or related apps are made by this company. If it’s not made by Niantic Inc., we don’t recommend that you download it.
Pay Attention to Your Permissions
Some download requests want blanket access to everything on your system. Review what information the app really needs before you download anything from any source. Be extremely wary of requests for personal information, like your email account.
“Pokémon Go uses your camera and location to play the game, so that makes sense,” Lukas Stefanko, a malware researcher with IT security firm Eset Ltd., told the Journal. “But if any app asks for something you’re not comfortable with, say no and delete the app.”
Trouble? Power Down.
If you get an app on your phone that causes trouble, remove the battery to stop the app from functioning. If you have an iPhone and are unable to remove the battery, hold down the Home and Power buttons at the same time until your device turns off.
When you power your phone on again, delete the app. Often, these malware apps do not show an icon on your home screen, so you will need to go into your settings, find the troublesome app and delete it.
If you are unable to delete the harmful app, you will need to factory reset your phone and start over. Hopefully, you already have a backup of your phone before doing this. We recommend that you always have at least one backup of your important data (2 is better), just in case of malware, damage to your device or other data loss situations.
Still Want to Play Pokémon Go?
For those not familiar with how the game is played, here’s a good beginner’s guide to Pokémon Go from MacWorld.