You’ve likely seen them all over by now. Chances are there are even some among your workforce.
Droves of people furiously swiping their smartphone screens (and perhaps wandering around parking lots, fields, or even inside your building) as they play the smash gaming hit Pokémon GO.
Released on July 6, the free, augmented reality smart phone game quickly became one of the most popular apps in both the Apple App Store and the Google Play store. Web traffic analytics company SimilarWeb estimated that the game had been downloaded on 5% of Android devices only two days after its launch.
In a nutshell, the game allows players to integrate the real world with virtual, catching Pokemon that appear on their phone screens as they walk through parks, city blocks, and many other locations. The main goal is for players to catch Pokemon, but users can also interact with special locations the game overlays on various landmarks, such as fountains, sculptures, and notable buildings.
Just how popular is Pokémon GO? More data from SimilarWeb tells the tale:
- 60% of players use it daily
- As of July 8, players were spending an average of 43 minutes per day using the app
- For comparison, Instagram was used on average 25 minutes per day
Security Issues Already Discovered
Pokémon GO’s sheer popularity makes breaking news of the game’s serious permissions issues all the more troubling.
Security researcher Adam Reeve discovered two days after the game’s release that the iOS version of the app snagged full permissions for players’ Google accounts once they logged in. This means the app had full access to a player’s Google account, including the ability to send and view emails and other data stored there.
Fortunately, Mr. Reeve alerted Niantic, the game’s developer, of the flaw. Three days later, Niantic announced the permissions issue was mistake, and that they would issue a fix. Google also announced that it would automatically reduce the app’s permissions.
As of this writing, no reports have surfaced of player data being compromised because of the permission problem. The quick response and promise of a fix by the developer has undoubtedly drawn a sigh of relief from anyone on the hunt for their next Pokémon.
A Learning Opportunity
But, the permissions issue does bring to mind the caution that needs to come with downloading any app. Seeing the world through an employee awareness lens as we do, this is a perfect opportunity to reinforce the potential dangers of inviting the latest game on to a mobile device.
It’s not just about double-checking exactly what permissions a given app requests. Cyber criminals are also quick to turn out phony versions of the most popular apps; versions that often contain malware designed to take control of a user’s device.
In less than a week, security researchers at ProofPoint found a malware-injected version of Pokémon GO. The phony game contains a malicious remote access tool that effectively gives an attacker full use of an infected device. ProofPoint researchers report that the phony version was made available outside the official Google Play store, likely due to the fact that the real game had not been officially released globally at the same time.
Call in the Reinforcements
Cybercriminals seldom rest, and neither must your security and privacy awareness efforts. That’s why we regularly stress the importance of comprehensive awareness initiatives that include robust training and reinforcement content that does not stop at a once-per-year learning session.
Best practices in this regard are too important to not repeat in engaging, fun ways. Fortunately, MediaPro has a robust library of animations designed to reiterate key concepts with your employees. Concepts like, say, staying safe when downloading mobile apps, as featured in our awareness animation below. Download it for free, and share it with your employees.
Downloading Apps from MediaPro on Vimeo.
Pokémon GO or no, remember that awareness programs are most effective when they reach employees where they are with content relevant to their interests.
For more tips on what makes an impactful awareness program, download our free white paper 5 Strategies for Improving the Effectiveness of Your Awareness Program. Or, check out our webinar on the same topic.
Want to see MediaPro’s comprehensive, integrated approach to awareness training and reinforcement in action? Contact us today for a free demo.