Skip to main content

Unofficial Pokemon Go apps putting business data at risk

Mobile sensation Pokemon Go is not available on the entire planet, rather in a select handful of countries, but that doesn’t mean everyone isn’t playing it.

Hundreds of unofficial apps, on countless app stores and websites around the world, have appeared in just this first week since the game launched.

According to security firm RiskIQ, more than 215 versions of the app showed up in more than 21 app stores.

In the first day, approximately eight new versions popped up every hour. A total of 70 unique developers are associated with these apps. But these unofficial apps mean risks, researchers say. They could be asking for permissions the official game wouldn’t, and they could even carry malicious payload.

“Users have to be aware of the rapid growth of unofficial apps. Approximately half of these unofficial apps are requesting broad permissions from users, risking data exposure via mobile devices. Consumer mobile apps are all about keeping us entertained, and what’s more entertaining than a live Pokemon hunt? It’s a great way for consumers to interact with a much loved brand. But using unofficial apps place the user at a disadvantage, they run the risk of a bad experience with the quality of the product, but much worse is the security risk it exposes them too.” Said Ben Harknett, VP EMEA RiskIQ.

Official apps have to go through rigorous testing, while unofficial ones don’t have to do any of that. “Users must be wise to the dangers of the unofficial versions of any app. The only winners in that Pokemon game are the bad actors catching your data,” finished Mr Harknett.