Flattr this
gaming

Pokemon Go: A Hacker's Delight?




Pokemon Go is the first Pokemon game sanctioned by Nintendo for iOS and Android devices. The game has been so successful that is alleged to have added $9 billion to Nintendo's market value. However, the good news has been dampened somewhat by revelations that the Japanese gaming company's latest hit may have been used to spread malware.

The game's release is being staggered by region over a period of weeks, with some countries still awaiting official release. For some the wait is too much and avid gamers are looking for alternate means of installing and playing the game. Those who wish to have the game prior to its official release in their particular region may be tempted to 'side-load' the APK file. 

Side loading entails installing an app downloaded from an unauthorized site. Enterprising criminals have been hard at work, packaging the latest blockbuster game with malware designed to relieve users of their valuable personal data. The hacked version has the same introductory screen graphics as the official, unadulterated version and is thus difficult to identify. According to Proofpoint the backdoored version of Pokemon GO has the ability to:
  • Read and edit text messages
  • Make phone calls
  • Send/Receive text messages
  • Modify contacts

Even the official version has security analysts querying the intentions of the game makers. There are legitimate privacy concerns surrounding Pokemon Go and Google accounts. Apple iOS users are required to grant Pokemon GO full access to their Google accounts, this includes the ability to:
  • View/Read/Send/Delete emails
  • View/Share/Edit Google Drive documents
  • View/Share/Edit Google Photo images

Niantic Labs, the software development company behind Pokemon Go has released a statement claiming that the need for full Google access is an erroneous addition:
We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access.  Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.

The statement claims that Google will 'soon' provide a permanent solution, in the meantime readers who find it impossible to live without Pokemon Go should ensure that they stick to the official online outlets - Google Play or the App Store. Apple iOS users should revoke access to their Google data from here: 
  • Select 'Pokemon Go' 
  • Select the 'Remove' button. 

This remains a necessary course of action for those iOS users who have uninstalled the game.

About Afritechnet

0 comments:

Post a Comment

Powered by Blogger.