Pokémon Go fantasy game creates real-life vulnerabilities
As if texting and e-mail weren’t enough to capture people’s attention as they are walking or driving, now Pokémon Go is creating yet another reason to take your eyes off the road or not watch where you’re walking in the airport, at the mall or on the street.
It’s only been available for two weeks in the United States, but Pokémon Go has become the latest technology craze to mesmerize gamers of all ages.
The game allows players to cross over from the fantasy world of Pokémon to explore the real world as they look for creatures with names such as Diglett, Ponyta and Doduo, which can appear anywhere ― on someone’s shoulder, along a walkway, in a trashcan or behind a light pole.
The app was created by San Francisco-based software developer Niantic Labs, and can either be downloaded from the Pokémon website or through Google Play, which required users to login via their Google credentials, giving the app access to all of a users’ Google-related information such as Gmail, Google Docs and Google Photos, or through iTunes for the iOS platform.
Niantic Labs issued a statement once they discovered that Pokémon Go accounts on iOS were requesting full permission to access a user’s Google account. They are working on an update that will limit the information requested to only the basic Google profile data the app needs to operate. Users will not have to take any action to fix the flaw.
But this action begs the question, what are the risks of sharing information through third-party apps? Adults rarely bother to read the download permissions and children will click “ok” just to access the app.
Christie Alderman, vice president of Chubb’s personal risk services, says parents and end users should be concerned about the amount of information apps are collecting and sharing with third parties because frequently it isn’t clear who these entities are or how the data collected will be used.
“People should really be thinking about this,” she said. “They don’t have a sense of how the little bits of data they give away are being collected by data aggregators to create a more comprehensive picture of you.”
She explains that “if you add in someone’s age from a survey, social media information from their profiles and geolocation services that track where you are, all of a sudden they have comprehensive information about you that apps are selling to third parties. Overall, that’s a concern with these apps. And is the convenience worth sharing all of that information?”
Because the game is so popular, versions with malware embedded in them have flooded the market. This can create vulnerabilities in a phone and allow hackers access to any information the owner accesses with his or her phone. “Don’t download anything unless it’s through a reputable store,” advises Alderman. “There are a lot of malware distributing apps that use a similar name in order to get you to download them.”
Pinsir, a Pokémon, is found by a group of Pokémon Go players, Tuesday, July 12, 2016, at Bayfront Park in downtown Miami. The “Pokémon Go” craze has sent legions of players hiking around cities and battling with “pocket monsters” on their smartphones. (Photo: Alan Diaz/AP Photo)
Practice safe gaming
It’s not just applications that present a danger to children either.
“In any social media platform where people are interacting with strangers, you have to have a conversation with your children about how to act online such as don’t tell them your name or how old you are,” adds Alderman. She recommends turning off the geolocation services on your phone when not using them because they can become embedded in your photos that might be posted on social media platforms.
She also recommends skipping any in-app purchases ― game accessories such as balls, food, weapons and the like. “When an app holds your credit card information, that makes the game harder and encourages you to spend more money, and that puts more vulnerability in the interaction.”
Alderman says to isolate your activity and provide just the bare minimum of information. “Give just what you have to in order to use the device or app,” she advises. “They don’t need to know your birth date, marital status or relationship status.” If the app links to an account, she says to set up a shadow account that doesn’t pull all of your personal information and contacts into the app.
Dangerous and inappropriate places
Sadly, some will use apps for more nefarious purposes. Pokémon Go encourages people to visit different landmarks, parks and other areas to capture more creatures. In Parkville, Maryland, three people were robbed at gunpoint when they were lured to an area after midnight by the game. The thieves took their phones and money before fleeing the scene.
Since gamers are so intent on their game, they may not pay attention to their surroundings and may be willing to go into unfamiliar areas. The Texas Department of Transportation posted a warning on its Facebook page to remind players to be alert to who and what is around them, to not drive and play, and to watch where they walk.
Alderman suggests that players use common sense. “Travel with friends, don’t go into unfamiliar areas, and think about your physical safety.”
In their pursuit of creatures, some gamers are even venturing into places where it is inappropriate to play, such as cemeteries, museums and churches. A number of institutions such as the Holocaust Museum in Washington, D.C., and Arlington National Cemetery have asked players not to search for Pokémon creatures in those locales.
The game is designed to have Pokémon creatures appear when the gamer is moving at less than 20 mph. That means players shouldn’t be able to see them when they are driving unless they appear on the dashboard or rearview mirror, but drivers still shouldn’t be playing and driving.
Numerous pedestrians have been injured by walking into manholes, trees or tripping over curbs and other obstructions. However, getting injured at work while chasing a Pokémon probably won’t qualify as a workers’ compensation claim.
JUL 19, 2016 | BY PATRICIA L. HARMAN