Pokémon Go, the new GPS-based augmented reality OS and Android mobile gaming app, has been causing a riff amongst the cyber community, leaving many concerned about the privacy risks and cyber threats associated with this new application.

Researchers at Proofpoint spotted malware in a malicious Android version of the app that was downloaded by users in the US, Australia, and New Zealand from outside the Google Play app store, leaving many to believe the app was targeting users who were ‘sideloading’ the app before it was released in their region.

The infected version of the app was found to be infected with the DroidJack Trojan, allowing an attacker full control over a victim's phone.

“DroidJack gives attackers complete access to mobile devices including user text messaging, GPS data, phone calls, camera- and any business network resources they access,” said VP of Threat Operations at Proofpoint, Kevin Epstein.

But what seems to pose the most controversy are the privacy issues associated with the game. Game developers claim the app requests more permissions than necessary, in particular, their access to the user's Google accounts. It’s been noted that the app requires full Gmail account access, meaning Pokémon Go and Nicantic has permission to read emails, send emails as the user, and access all Google drive content and more.

While the creator of the game, Nitantic, have since claimed it was unintentional and will be altered soon, this brings up an important dispute about app permissions and how much attention we really pay to them.

This poses not only personal privacy issues but also work related privacy issues. Who’s not to say someone who downloaded that malicious app used a work Gmail account to sign up, leaving a treasure trove of data open to criminals to abuse. Businesses need to remain vigilant in their fight to secure sensitive data and block access to any websites or applications that pose a threat to the organization.


Read this article on InfoSecurity Magazine

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.