Within two weeks of its release in select countries, millions are already going mad for Pokémon Go, the mobile app based on the popular Japanese and game movie franchise. The media has covered the crowds of men, women and children chasing down the "pocket monsters," wandering around parks until the middle of the night hoping to find a rare virtual creature for their collection. While the game has become an instant success—in regions where the game is available—players who are eager to catch ‘em all may be exposing themselves to all kinds of risks.
The game has already attracted opportunistic cybercriminals eager to take advantage of unsuspecting gamers. Within the few weeks since its release, there have been numerous fake versions and bogus supplementary apps that infect player’s devices with malware. One example is an app called “Pokémon Go Ultimate”, which was made available (and now removed) on Google Play. Once downloaded, the app ran without the user’s knowledge and clicked on ads in the background.
As the game's popularity grows and it becomes available in more countries—where the app is projected to shoot to the top of every mobile app chart as soon as it becomes available—scams and fake apps that are designed to take advantage of the hype and unsuspecting players are expected to follow. It's all a numbers game after all—whenever something draws the interest of large groups of people, cybercriminals and scammers are likely to join in.
Here are some tips for safe mobile gaming:
Download from trusted sources. Pokémon Go isn’t available all over the world just yet, but news about the game is. Niantic, the game's developer, reportedly has its hands full dealing with the surge of players from the handful of countries where it initially launched, causing them to announce that they do not have any plans to launch in more countries at the moment. This excitement, coupled with its limited availability, is leading to impatient fans downloading the game indiscriminately. Versions of popular games often pop up online on unofficial third-party sources, masquerading as free, "cracked" versions of the real thing. As tempting as that sounds, it’s also the easiest way to get your device infected with malware. While there have been instances where malicious apps have been made available on official app stores, it's still the best way to avoid risky apps.
A recent report found that China, India and Indonesia were the countries holding the most compromised Android devices, which was linked to their preference of third-party app stores to download popular games. The available games on these stores aren’t worth the risk of running into malware.
Create a separate gaming identity. Privacy is becoming increasingly difficult to maintain, especially with games and services that require so much personal information for registration. If you want to stay anonymous on Pokémon Go, create a unique username and a separate email address to use exclusively for games. Make it completely different from your personal addresses so that your name cannot be cross-referenced with any other online activities.
You should also think twice about using your social media accounts to log into any apps, games, or other online service—these sites can collect information about your online activities and use the data for targeted marketing or research purposes. A data breach on these sites and services could also expose you to other risks, such as identity theft and account hacking that you didn't sign up for.
Be aware of what permissions you are granting. As an augmented reality game that relies heavily on location information, Pokémon Go requires more permissions than most apps. Look carefully at what information, features, and settings the game is asking to access, and make sure that you are comfortable with what you are authorizing.
When it was first released, Pokémon Go requested full access to the user’s Google accounts, which meant it could see and potentially modify everything under that account—from Gmail to Google Maps. Developer Niantic quickly issued an update to address the issue, and reduced the app's access to the basic Google profile: user ID and email.
Be diligent with your updates. As mentioned above, updates are necessary to make sure all the app's identified bugs and vulnerabilities are fixed. Whenever you update, be as diligent as you were the first time you downloaded the game. Check if there are any additional permissions needed, and make sure you understand the new changes. You can also read the reviews of other users to see if the update is helpful and if it is applicable for your device model.
Install a trusted mobile security solution. Part of game play is a solid line of defense, and for your device that means a comprehensive security solution that provides protection and lessens the probability of malware encounters.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).