Niantic Labs continues to improve on the security of Pokemon Go, but that doesn't mean the risks are gone. Server hacks, permissions being secretly granted, and malware-infested clone apps are all out there. BYOD offices need to be prepared for all potential risks.
Pokemon Go isn't alone
Let's make one thing clear: Pokemon Go isn't a unique BYOD threat. Any app installed on a personal device used for work is a potential risk, and the more popular the app, the bigger the target.
Pokemon Go is already the most popular mobile game in US history. Its popularity will likely decline over time, but the large number of current users makes it a tempting target for hackers looking to disrupt servers and steal personal information.
App permissions are a valid concern as well. When the app was first released, it requested complete access to Google accounts on Apple devices. That bug has been fixed, but the app is still fairly new, which means there may be security holes yet to be discovered.
Another common problem for Android users has been fake apps. A quick search in Google Play for Pokemon Go reveals a slew of titles, most of which aren't official and are possibly stuffed with malware.
Hummer, a recent security threat to Android devices, roots phones, installs malware apps, and compromises the security of any account associated with the device. How does it get installed? Through fake apps installed through Google Play. Google's commitment to allowing lots of apps to be installed is nice, but it's also a security nightmare for businesses supporting Android hardware.
The bigger picture
Pokemon Go may be the newest, most visible BYOD threat, but it's by no means unique. Any app installed on a company-approved device is a risk: it could be infected with malware, stolen, or even compromised over an unsecured Wi-Fi network.
Taking BYOD security seriously is the only way to avoid problems from Pokemon Go or other apps. If you are responsible for establishing BYOD policy, don't forget these important elements of a secure system:
- Before onboarding any device, scan it thoroughly.
- Check for any third-party software that could be a problem.
- Install company-approved and managed antivirus software.
- Make sure the device is encrypted.
- Secure mobile devices using group policy. If applicable, make sure the device is set to wipe itself after a certain number of failed logins.
- Enable a remote wipe option in case the phone is lost or stolen.
The 3 big takeaways for TechRepublic readers
- Pokemon Go is definitely a security risk for BYOD and company-owned devices, but it isn't unique. Almost any popular app is an attack risk.
- BYOD devices are part of the new paradigm. If you're an IT professional, you're going to need to deal with them, so be prepared. Have a formal policy in place before something sneaks up on you.
- Make sure users know that they have to conform to policy and install the software and security tools prescribed by your organization. If they don't want to accept the agreement, simply tell them the device isn't allowed on the network.
Brandon Vigliarolo has nothing to disclose. He does not hold investments in the technology companies he covers.
Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.