Pokemon GO

What Kind of Threats Are We Facing with POKEMON GO?

This application, still in its beta testing phase and not yet officially available in Turkey, has already found a place on many smartphones. Users have started playing the game by downloading its APK file from the Internet or by tricking the system into thinking they are located in a different country, as the game is not available in Apple Store or Google Play Store in Turkey.

What kind of threats exist in files not downloaded from official app stores?

It is unclear whether these files downloaded to phones are the original files created by the official game developer or files modified to include various malicious software. This is where the threats begin. For example, while standard apps request permissions like access to location or camera, malicious software may request much broader access. Currently, malware-infected versions of Pokémon GO on the market may request permissions such as sending and receiving SMS messages, making phone calls, or modifying the address book. If you grant access to SMS, even verification messages from your bank can be read. Or, if it requests payment permissions, it could potentially make payments using your e-wallet.

Additionally, there are many applications with similar names appearing in searches within the app stores, which also pose significant security risks.

How Can We Protect Ourselves?

If you do not feel confident in your ability to manage your own security, we strongly advise you not to download this application separately until it is officially available in the Turkish Play or iTunes markets. As a general precaution, do not install apps from third-party sources or websites in APK or any other file format.

Our mobile phones have essentially become active computers. You can increase your device’s security by downloading free antivirus programs available for smartphones.

Moreover, there are serious threats on the corporate side as well. An employee or guest can connect to a corporate network via their smartphones. If a malicious app exists on the employee’s or guest’s phone, it could infect the corporate network, or custom-designed software with malicious intent could be delivered through these apps. Therefore, it is crucial for companies to ensure the security of devices before allowing employees to use them on the corporate network. These devices must be treated like network computers and go through proper security checks. If such checks cannot be performed, these phones should be blocked from accessing the network. At this point, network security devices take over functions like controlling mobile devices’ access to the network, assessing their security levels, and monitoring their apps through application control.