Pokémon Go popularity highlights AR security risks
Pokémon Go is now an AR global phenomenon, having experienced an unprecedented level of success in both official and unofficial locations.
Whilst the number of countries which officially offer it on their App Stores has increased, the fact that it was only available in the US, Australia and New Zealand during its initial launch has led to a number of counterfeit apps appearing on the iOS, Android and Google Play stores.
The incredible; seemingly overnight, popularity of the app has led to other risks developing as well, mainly due to its main feature, AR.
Players across the globe are now negotiating real-world locations in an attempt to ‘catch ’em all’ and complete their Pokédex, but at what cost?
The AR threat
AR has received mass attention thanks to Pokémon Go’s massive success, but concerns have already been raised about the associated danger.
By nature, AR games direct players to locations around their vicinity as part of the user experience (UX). As a result, players are now routinely entering police stations, churches and even graveyards to catch a particular Pokémon and warnings have already been issued about trespassing on private property.
People need to be aware of the risks...especially as future AR-based games continue to grow in popularity
Another concern regarding the AR feature is the fact that the app is based on the use of a smartphone’s internal GPS location capabilities, clock and camera to detect when and where the player is in the world, so that the Pokémon can appear in ‘real life’.
Location tracking is therefore a key element of the game’s functionality, but within a month of its launch, there has already been an incident in the USA where this was used to lure players to a remote location, where they were robbed at gunpoint.
Whilst this was hopefully a one-off incident, as the game rolls out in even more locations in the coming months, the amount of data accessible by malicious individuals will need to be monitored very carefully.
The cost of counterfeits
Due to the limitations implemented by Niantic, the developers of Pokémon Go, there are still countries where the app is not yet available. As a result, within four days of launching the app, counterfeit versions appeared on global app stores to satisfy this demand.
In some cases, these versions have been found to be embedded with hidden malware, which once installed allows a fraudster access to emails, text messages, and even contacts on the player’s device.
In addition to this, because the camera plays a significant role in the functionality of the app, this ‘Droidjack’ malware can also give attackers remote control of the device’s camera to enable remote recording.
A report from ESET has also found three counterfeit versions of the app on the Google Play store. One in particular, ‘Pokemon Go Ultimate’, incorporates the first example of ‘lockscreen’ technology.
Immediately after the app is installed, the phone becomes infected with malware which deliberately locks its screen, leaving players unable to use their device until the battery has been removed and the device rebooted. Despite the app removing itself from the device’s app menu after the phone is restarted, it secretly continues running in the background, clicking on ads to generate revenue for its parent company.
People need to be aware of the risks associated with counterfeit apps like these, especially as future AR-based games continue to grow in popularity.
In order to safeguard consumers from installing malicious content, and protect a genuine brand’s reputation, education is key and the brands must ensure that the games are only downloaded from licensed app stores.
Players should also closely inspect the app’s publisher, the number of downloads and the app store’s reviews for any signs of counterfeiting before clicking. By doing so, gaming enthusiasts and nostalgic Pokémon fans can embrace the AR trend and become Pokémon Go champions without the risk.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.