Dwelling on Android threats, Bitdefender identified AndroRAT.A as a top Android threat of the first half of 2015. Like other RATs, this detection allows a remote attacker to control the infected device with a user-friendly control panel – monitor and make phone calls and send SMS messages, get the device’s GPS coordinates, activate and use the camera and microphone and access files on the device.
Another word of warning for players of the game on iOS. The Pokémon Go app requests more permissions than it needs. Signing into the app via a Google login reportedly gives the developer, Niantic, full access to users’ Google accounts, an error the company is working to fix.
We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account”, the company told Ars Technica. “However, Pokémon Go only accesses basic Google profile information (specifically, your user ID and e-mail address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google account information, in line with the data we actually access.
Word of advice for users planning to download this and other popular mobile games:
- Beware of rogue applications posing as genuine games. Since Pokemon Go is officially available for download only in the US, Australia and New Zealand, the temptation to download it from third-party market places is huge. Yet copycats may carry malicious code that takes full control of the device, collecting users’ personal data and clicking on ads in the process. In fact, 19.55 percent of global threats are fake apps that install malware or highly aggressive adware, according to Bitdefender’s Android Threat Report for the second half of 2015. So it’s best to download apps only from official app stores.
- Install a security solution suitable for your mobile device to identify malicious applications before they’re installed and discover the privacy impact of apps already installed.
- When installing an app, review the permissions it requires and remove unnecessary ones. In this case:
- Head to Google’s security page and look for Pokémon Go.
- Select Pokémon Go, then click “Remove” to revoke full access.
- Launch the game on your device.
- Check reviews about the app and the developer before installing a new application.
- As a general rule, don’t download fake apps posing as software updates, sent in unrequested emails.
- Also, avoid jailbreaking your device unless you know how to protect it from threats and can take full responsibility for its security. Jailbreaking will disable the “sandboxing” feature of the iOS, an essential piece of the operating system’s security architecture. Read more about the negatives.