Nintendo’s new Pokémon GO app took the mobile gaming market by storm after its July 6th release, bringing Nintendo shares up more than 50 percent with 7.5 million downloads (Reuters). Currently the biggest mobile app in US history, Pokémon GO is opening new doors for mobile gaming, but it immediately raised critical data security and privacy concerns. Security researchers quickly noticed the alarming number of permissions the application required, including full access to the user’s Google account on iOS devices (The Huffington Post).
Mobile users often download apps and unwittingly grant access to large amounts of personal data. Combined with the continued growth of cyberthreats, applications like Pokémon GO are turning mobile devices into a bright red target. Mobile app companies must maintain high data security standards to protect their customers’ privacy and their own, while still maintaining access to the data that makes the game function (and fun) and supports their business model (typically ad-driven). Users also bear responsibility for knowing what personal data they are allowing these applications to access and which other parties can access it.
Pokémon GO is a gold mine for hackers. The app gives Pokémon GO developer Niantic unnecessary access to users’ Google accounts; it lacks encryption, increasing the risk of data theft; it allows cybercriminals to use geolocation data to track individuals’ daily activity, from where they live to where they travel; and it permits dozens of unofficial applications that are using Pokémon GO’s success to gain access to users’ personal data. A mobile malware monitoring company has already detected 172 unofficial Pokémon GO-related applications. This is proof that cybercriminals are capitalizing on the popularity of new technologies and exploiting their inherent vulnerabilities.
Mobile app companies have a responsibility to stay on top of their data security to protect both their customers and their company. It is easy to overlook security concerns when it comes to a mobile game as opposed to an app that appears to be more high risk, such as a financial or healthcare app. The reality is, though, that Pokémon GO allows for the unnecessary collection of data with a lack of encryption, making it an extraordinarily valuable target for a hacker.
To help users stay aware of the data they share, app companies need to be clear about what they are doing to protect that data. This will not only promote transparency with customers, but also incentivize companies to implement the highest level of encryption to secure their data.