Businesses warned about Pokemon Go security risk

August 22, 2016

Subtitle: Security expert calls it a 'nightmare' for corporate networks

Almost like a Trojan Horse. When this game became popular I thought that it would come to this. Or was this part of the original software? And as we know, businesses are very vulnerable. Keeping up with security risks can be expensive. Found this in the latest edition from Consumer Affairs:


Sometimes it can be risky mixing business and pleasure. The International Association of Information Technology Asset Managers (IAITAM) is warning businesses such a risk could occur if employees download the insanely popular Pokemon Go app on company-owned devices.

The association has recommended corporations prohibit the installation and use of Pokemon Go on any devices used for business purposes. The group says that includes "bring your own device" (BYOD) phones/tablets with direct access to sensitive corporate information and accounts.

IAITAM CEO Dr. Barbara Rembiesa goes so far as to call the new augmented reality game a “nightmare” for firms trying to keep their email and cloud-based information secure.

“Even with the enormous popularity of this gaming app, there are just too many questions and too many risks involved for responsible corporations to allow the game to be used on corporate-owned or BYOD devices,” Rembiesa said. “We already have real security concerns and expect them to become much more severe in the coming weeks.”

She said that, to be safe, organizations must keep the app off any device that connects to the organization's network. Here are her concerns:

Data breaches

Rembiesa says the original user agreements for the game allowed Niantic to access each user's entire Google profile, including his or her history, past searches, and anything else associated with a Google Login ID.

That is no longer the case in current versions, but Rembiesa says this meets the definition of a data breach for corporate-owned devices. It's also not clear to what extent data breaches took place before the change and what happened to the accessed information.

Risky knockoffs

Rembiesa says she has seen reports that some versions of the app that are on non-official download sites may include malware. The illicit software may allow cyber-criminals to take control of an infected phone or tablet.

Rembiesa worries that unsophisticated users might not be aware of the risks inherent in downloading from any third-party provider, especially if the device is used on a corporate network. She says Proofpoint, an online security provider, has already reported knockoff Android copies of Pokémon Go in the wild containing a remote access tool (RAT) called DroidJack.

Encouraging bad behavior

Making an exception and allowing the use of a game app on a corporate-owned device sets a bad precedent, Rembiesa argues. She says employees need to understand the importance of sticking with approved software.

Despite its popularity, she says Pokemon Go must be considered a "rogue download," which is “any software program downloaded onto a device that circumvents the typical purchasing and installation channels of the organization.”

Phil Liso, Contact
(562) 322-7376