Why Pokémon Go Should Be Banned From Corporate-Owned Phones

by CXOtoday News Desk    Jul 19, 2016


Millions of Americans may have fallen in love with the Pokémon Go mobile gaming app, but those fans do not include the corporate professionals who deal with Information Technology Asset Management (ITAM), the discipline designed to keep phones, tablets, and other devices secure in the workplace.

The International Association of IT Asset Managers (IAITAM) called on corporations to ban the installation and use of Pokémon Go on both corporate-owned, business-only (COBO) phones/tablets and “bring your own device” (BYOD) phones/tablets with direct access to sensitive corporate information and accounts.

“Frankly, the truth is that Pokémon Go is a nightmare for companies that want to keep their email and cloud-based information secure,” said IAITAM CEO Dr. Barbara Rembiesa. Even with the enormous popularity of this gaming app, there are just too many questions and too many risks involved for responsible corporations to allow the game to be used on corporate-owned or BYOD devices. “We already have real security concerns and expect them to become much more severe in the coming weeks,” Rembiesa added.

In the last two weeks, the augmented reality mobile game has taken the world by storm, with Facebook, Twitter, YouTube, and other media sources all buzzing about Pokémon Go. The purpose of the mobile game is to go out into the “wild”, or your surrounding neighborhood, and catch virtual Pokémon. From there, you level up as a trainer, visit Pokéstops for items, and fight for control of various “gyms,” which are usually located around landmarks and notable historic locations.

Rembiesa highlighted the following concerns.

- Data breaches: The original user agreements for Pokémon Go allowed Niantic to access the entire Google profile of the user, including their history, past searches and anything else associated with their Google Login ID. This has since been corrected, but for COBO devices the result was, by definition, a data breach. It is unclear how extensive the data breaches were before the changes, what happened to the information accessed, and how that information was stored and/or destroyed. Further, there is nothing that would prohibit Niantic Laboratory from once again seeking access to all or some of this information.


- Risky knockoff copies: There are now reports that some versions of the Pokémon Go app available from non-official app stores may include software allowing cyber crooks to remotely control the user’s phone or tablet. Unsophisticated users may not understand that third-party app providers should be avoided due to the risks involved. The online security firm Proofpoint has already detected knockoff Android copies of Pokémon Go in the wild containing a remote access tool (RAT) called DroidJack.

- Encouraging bad behavior: One of the most important things for employees using COBO devices, in particular, is the need to stick with approved software and apps. Pokémon Go must be considered a “rogue download,” which is any software program downloaded onto a device that circumvents the typical purchasing and installation channels of the organization. Rather than simply banning Pokémon Go, corporations should also use this as a learning opportunity to encourage maximum employee understanding of the rationale against rogue downloads, particularly the security risks they represent.

“The only safe course of action here is to bar Pokémon Go from corporate-owned phones and tablets, as well as employee-owned devices that are used to connect to sensitive corporate information,” Rembiesa summed up.

Contrary to some popular reports suggesting that Pokémon Go may be one of the best ways for CXOs to infuse new energy into their corporate culture, this report makes clear that one must evaluate the safety and security factors and play the game with caution to guard against cyber crooks.
