ONLINE SECURITY
image

Korea Times

‘Pokemon Go’ users exposed to cyber crime in Seoul

Unofficial apps made to 'assist' gameplay could be a security risk

PUBLISHED : Wednesday, 08 February, 2017, 5:30pm
UPDATED : Wednesday, 08 February, 2017, 5:32pm

By Yoon Sung-won

The nationwide sensation of location-based mobile game ‘Pokemon Go’ has ignited cybersecurity concerns, according to the Korea National Police Agency (NPA) Tuesday.

Niantic, developer of ‘Pokemon Go’, claims the game includes security measures and does not collect much private data except for the user’s email address and location information.

But diverse unofficial apps are asking for excessive private information, causing cybersecurity risks, the NPA said. These unofficial apps are made by third-party firms or personal developers to “assist” game play by providing features that cannot be found in the ‘Pokemon Go’ app and by manipulating GPS data.

Compared to Apple’s iOS mobile operating system, Google’s Android is relatively more generous in allowing app providers to request access to user data such as location, storage and address book.

The NPA said it has founded 44 Korean-language apps related to ‘Pokemon Go’ in the nation’s Google Play app market and learned they ask for 10 access rights on average.

The police urged users to read the terms thoroughly before agreeing to share their private information with third-party app providers.

“Some of the unofficial apps may collect private information even when it is not essential for their purpose,” the NPA said. “Users should be alert before blindly allowing the app providers to collect their private data because it can be exploited through illegal sales. If such apps are already installed in a smartphone, they should be removed or blocked from accessing excessive user data.”

The police also warn about fraud, unauthorised access and distribution of malware.

Earlier on Feb. 3, Korean security company ESTsecurity found a malicious software programme which collects email addresses and unencrypted passwords of users’ Google accounts.

Even before the official launch of ‘Pokemon Go’ in Korea on Jan. 24, similar malware programmes continued to be found here in the smartphones of those who downloaded unauthorised setup files of the game.

As Korea’s release of the mega-hit mobile game had been delayed for about six months, an estimated 500,000 users have downloaded ‘Pokemon Go’ through unofficial channels according to industry sources.

Police also warn against those who lure users by selling ‘Pokemon Go’ accounts or claiming to level up their characters for money.

“Such cases can be fraudulent,” the police said. “Unauthorised automation programmes may also contain malware, leading to serious damage to users.”

The NPA said it has updated its mobile malware-blocking app with samples of malicious code found in Korea while strengthening promotion of cyber crime precautions related to ‘Pokemon Go’ through its smartphone app service.

‘Pokemon Go’ has recorded over 8.5 million downloads as of Feb. 5 since its release here on Jan. 24, according to WiseApp.

‘Pokemon Go’ users exposed to cyber crime in Seoul