The Lockdown

Thycotic’s Cyber Security Blog

Could Pokémon Go be the largest surveillance app yet?

Written by Joseph Carson

August 2nd, 2016

Access to location information, your camera, your photos and your email, all in one simple app download.

Computer gaming has always been a way to lure people into downloading a so-called free app that comes bundled with malware, either to use your computer for malicious activity or to steal your data for cyber crime such as financial fraud. This has been going on for years, and gaming software downloads have been one of the typical ways for cyber criminals to get you to install bad stuff.

The major security risks behind apps like Pokémon Go and using Social Logons to sign up!

The world has changed significantly with Social Logins. In the past you would have needed to create an account for each service you signed up for, and this caused a headache for many people, ultimately resulting in more than 50% of us using the same password across multiple online services. This approach does have security risks; however, data loss and data duplication were restricted or limited unless a cyber breach occurred at one of the services used. We have seen a number of major high-profile cyber incidents of this kind, like the recent LinkedIn data disclosure and the hacking of accounts belonging to Twitter's own CEO and Facebook CEO Mark Zuckerberg.

Today, the developers of many online services, apps and games have opted to use social login, also known as Single Sign On. This means you can sign up using your Google+, Facebook, Twitter or LinkedIn account, etc. It solves the issue of remembering multiple passwords, but it brings a much greater security and privacy issue in the background that many people do not realize. When using single sign on, most apps request read/write access or access to your basic information, which most people are OK with, but some apps request FULL ACCESS, and this means access to almost everything, including emails, calendar, location information, friends and family, etc. This includes the recent Pokémon Go app, an augmented reality game that uses your GPS and camera to battle other players and that quickly became the most downloaded app in only a few days. During the sign-up process you can use your Google Account to sign up; however, it requests FULL ACCESS to your account. With this type of access these apps can continuously copy your data without your knowledge, which could potentially mean that your data is not as secure as you may have previously thought or assumed. Many recent apps and games have removed the ability to create a unique account for those services, meaning the only option is to use Social Logon.

An additional risk that comes with such gaming apps is that they usually have less security applied. They become prime targets for cyber criminals for data theft and scams, or for governments for surveillance or intelligence gathering, all in a single location. They have also been used for smaller targeted criminal activities, like luring unsuspecting gamers to remote locations and attacking them or stealing their belongings and money. There is also a high risk of children using these types of apps, which use location and camera information, and becoming victims or prey for molesters.

It is important to be vigilant at all times. If you have children using these types of apps, ensure they have the appropriate security applied and educate them on the dangers of online predators. Children are quickly becoming the number one target for cyber criminals due to poor cyber security hygiene and a greater tendency to share information.

I highly recommend avoiding Social Login for such apps and games, especially if you use the same email account to protect your finances, reset other accounts or store personal information. Where possible, use the option to create an account, and use a password manager to create a strong, unique password for each service. Where you have used Social Logins previously, regularly check which apps you have given access to by reviewing the apps connected to your account. Disable and remove apps that are no longer being used, check which apps use Full Access, and remove any that you do not trust with your personal data.

Social networking companies have a long way to go in making these services secure and private, and in making it very clear to the user opting for Social Login what activity is occurring behind the scenes. Until such a time, try to use unique accounts.



Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.