Over the past two weeks, cartoon creatures have officially taken over our world. If you haven’t seen them, it’s because they’re only visible when playing the new game, “Pokémon GO”. This free smartphone game fuses virtual technology with the physical world, causing it to quickly become a cultural phenomenon and the biggest mobile game in U.S. history.

However, Pokémon GO’s rapid rise in popularity has also raised some major security concerns. While millions of users wander the world searching for Squirtles and Pikachus, they may not be aware of what they’re giving up in return for playing the game.


What is Pokémon GO?

You’re probably familiar with the thirty-year-old Pokémon franchise, and now that childhood fantasy has become a reality – a virtual reality, that is. The obsession surrounding Pokémon has evolved into a wildly popular game that now has people lurking around parks, restaurants and even other people’s homes.

The game, made by Niantic Inc., uses your GPS and other location-finding technologies to meld the fantasy world of Pokémon into the real world. In order to find Pokémon, users are required to travel on foot around their community to various locations, collecting items along the way. Once a wild Pokémon appears, the game uses the phone’s camera to project it into a real-world environment, allowing the user to “catch ’em all” by throwing a pokéball at it.

This seems harmless enough, right? Well, if you take a closer look at the fine print, it actually reveals how vulnerable our personal data can be in the hands of seemingly benign applications.


Some Gastly Concerns

Lax Privacy Policy

Like most apps out there, Pokémon GO does collect data about its users. When first downloading the app, you need to sign in with a Google account and grant the app access to your camera, data and contacts. However, according to the Pokémon GO privacy policy, Niantic may also collect your username, email address, IP address, the web pages you viewed before logging into the game, and your entire Google account. Many have stated their concerns online, noting that such full access to this information is a huge security risk.

The privacy policy also gives the company wide latitude for using all of this information. Niantic can hand personally identifiable information (PII) over to law enforcement, sell it off, and even share it with third parties.

Niantic recently addressed this concern and came out with a statement saying that they are fixing the bug that allowed the app to gain full access to users’ accounts.


New Target for Hackers

Users of the game are providing a wealth of information to Niantic – either knowingly or unknowingly. It’s only a matter of time before that information is in hackers’ hands. Niantic’s gigantic database has become the perfect target for hackers and criminals. If the Niantic servers are hacked, the attackers could potentially have access to all of your PII.

This past weekend, the Pokémon GO servers crashed due to what Niantic claims was an overwhelming number of downloads, but many have speculated that the servers were taken down in a distributed denial-of-service (DDoS) attack by a group known as PoodleCorp. The hacker group took to Twitter to claim responsibility for the attack and also threatened further damage.

The game’s extreme popularity has also attracted other cybersecurity concerns. Many fake versions of the app have been uncovered. They claim to be the real deal but actually contain malware that can lock your smartphone and inflict more harm.


Geolocation Crime

The public nature of Pokémon GO has caused even more unforeseen side effects, such as attracting crowds of trespassers that disturb homeowners and causing stampedes in search of rare Pokémon. Also, criminals have reportedly been able to use the geolocation feature to lure players to remote areas and rob them at gunpoint. This goes to show that although the new game has received an abundance of positive feedback, there are dangers that lurk in the shadows – or even in the tall grass.


What Can MSPs Do?

This newfound vulnerability of mobile data means that there’s a greater need for managed IT security. Especially with the ongoing trend of bring your own device (BYOD), the likelihood of introducing unwanted cyber activity and harmful attacks via these personal devices is at an all-time high.

As an MSP, you can use apps like Pokémon GO as an example to show clients and employees the security risks involved with unprotected mobile devices and the growing need for managing these endpoints. By leveraging a mobile device management (MDM) solution, you can greatly reduce these risks by remotely wiping an individual’s data if a device is compromised. An MDM solution will also allow you to implement endpoint security policies and put restrictions on app purchases from non-validated markets.

In the case of Pokémon GO, it’s clear that the enthusiasm isn’t going to fizzle out any time soon. With the right tools, you can keep your company and your clients protected in their quest to be the very best.