Your personal cyber security and anti-hacking news

Pokémon GO: How to Protect Your Privacy and Avoid Scams and Malware

by: Omri Toppol
How the Pokemon Go app can cause identity theft

Pokémon GO is a worldwide sensation, with a record-breaking number of app downloads and an impressive retention rate. Over 26 million fans are out there trying to “catch them” and while it may be possible to avoid bumping into a player, it is all but impossible to escape the online buzz talking about this latest gaming sensation.

The unfortunate truth, however, is that a game, an event or even a news story that draws a massive audience will also draw cybercriminals who will try to exploit it. From a criminal’s point of view it makes sense: successful criminals need a big victim pool and the best way to find them is to follow the crowd. Right now, the crowd is playing Pokémon GO. So if you are a Pokémon GO player or thinking about trying it out, assume you are being targeted by criminals and take extra precaution to ensure your identity remains safe.

Here are several tips to do just that:

Download ONLY the Official App From the Google App Store

If you use an Android phone, you must be especially cautious with the apps you install on your device. Much like in any Windows computer system, malware can threaten an Android mobile operating system, leaving Android devices at a disadvantage. While iPhone users can only download apps from the official store, Android enables the download of “apk” files from just about anywhere. Cybercriminals release “rogue apps” – applications that are infected by malware, either hidden in legitimate apps (like Pokémon GO) or as stand-alone related apps (i.e. Pokémon GO Guide) with the malware embedded.
Because of the popularity of Pokémon GO, it’s inevitable that some versions of the app will end up in unofficial stores, leading to forums becoming infected by malware. To avoid infection, we recommend downloading only the official app from the Google App Store or a store of equivalent pedigree. Do not be tempted to download guides and other “accessory” software for Pokémon GO, regardless of what they claim to offer and even if they’re on the Google App Store. While many are most likely legitimate, some are not (and yes, the Google App Store did have malware-infected apps listed in the past). Some of these apps may also be malware free, but will use permissions given to them in order to collect personal information on their users which may be disseminated to questionable third  parties.

Keep Your Pokémon GO Up to Date

The official Pokémon GO app itself can put you at risk of identity theft. It collects a crazy amount of personal information from each player, including your location, email address and it can potentially access your Google account. This amount of data collection is quite dangerous, as it is stored and can be used by game developer Ninatic. Even if you trust Ninatic with all this information (and, actually, why should you?) your identity will be in danger if someone hacks into their servers.

This is not paranoia. Consider the fact that major services have been hacked and have had information breaches; there’s no guarantee that this will not happen to Ninatic.

Protect Your Privacy

Ninatic has already stepped up and admitted that they’ve gone a little too far in their information gathering practices and promised a fix through an app update. So for the sake of protecting your identity, watch out for app updates for Pokémon GO and install them as soon as they are released.

You should also create a designated Gmail account that will only be used for Pokémon Go and other apps you may not want to link to your personal email, as your credentials can get compromised if they’re exposed to the app owner.  Using your main Gmail account also exposes your GPS data and directly links to your Pokémon Go activity.

Don’t play where you wouldn’t want to get tracked and stay aware of your surroundings when taking a picture; Identifying street signs, office buildings, and license plates can be used to determine your exact location and possibly reveal your identity. Consider disabling AR features that show Pokémons in the real world  to see a map instead of your actual, physical location. You’ll have more privacy playing the game and it will be easier to catch more Pokémons without having to aim your phone directly at them.

Follow Password Guidelines

Because it’s “only a game” you may dismiss the importance of creating a secure password for your account. But evidence suggests that future game developments may signal a major increase in account hijacking.

Ninatic’s CEO claimed that Pokémon GO’s current features are nothing compared to what they have on their drawing boards. The game developer is planning a steady release of future updates that will increase the game’s features and functionality. Gamers can’t wait to receive these new abilities and experiences, but some of these features, such as Pokémon trading may turn Pokémon GO into a bonafide target for criminal exploitation (similar to email, social media or bank accounts) through phishing attacks, stealing credentials using malware or password reuse exploitation. So setting up your Pokémon GO password with caution can be critical.

Cybercriminals often take advantage of “reused” passwords for multiple accounts. When an email or a Facebook account is hacked for example, the hacker will attempt to gain access to other services by reusing the password. As Pokémon GO accounts may well become a primary target, don’t use your Pokémon GO password  for multiple services. This is a great rule of thumb for all your online accounts.

Follow standard password creation guidelines: select a lengthier password; use complex combinations of uppercase and lowercase, digits and special characters. Following these guidelines can prove critical in preventing hacking.

You should also create a unique username that’s different from your other accounts  and doesn’t contain personal information. In the future the game may include features that allow you to view players’ information.

Don’t Take Shortcuts

In general, avoid taking shortcuts when playing the game. “Get free PokeCoins” scams are already abundant and, as noted, many third party guides like “Pokémon radars” and other apps designed to help speed your process, could be trojanized and infected by malware.

But after taking the necessary precautions – go out and enjoy the game! We’ll see you out there – we’re off to search for some Pokémons!

Written by  Omri Toppol

Omri is LogDog's marketing guy. He is passionate about technology, digital marketing and helping online users to stay safe and secure

« | »

Other Posts

Get Protected

Enter your email and receive security updates * 100% privacy guaranteed, we will never spam you.