Pokémon Go itself is an 'augmented reality'
app, in which players negotiate real-world locations in an attempt to collect
and battle Pokémon characters, in addition to collecting 'Poké Balls',
food and other virtual items, which are intended to assist with catching,
feeding and nurturing the creatures which have been found.
The success and popularity of the app
are exceptional. It has become the fastest game to top the charts of both the
official iOS (Apple / iTunes) and Android (Google Play) app stores[4],
having been installed on more than 5% of Android devices in the US within two
days of release[5], and achieving more than 30 million global
downloads by 20th July[6]. By 13th July, the app was reported as
seeing average daily usage figures greater than those for Snapchat, Tinder,
Twitter, Instagram and Facebook[7].
Its popularity is such that, even prior
to its official release dates in various countries, large numbers of users were
obtaining versions of the app from 'standalone' app-download sites. Since there
are often no official checks on the integrity or legitimacy of the content
available from such sites, reports quickly surfaced of the appearance of fake
versions of the game. Many of these versions were malicious in nature,
including instances infected with a tool intended to allow remote attackers to
gain access to a user’s mobile device[8]. Even after the official
launch, and even on the official app marketplaces – where some checks should be
in place to verify the legitimacy of the applications on offer – large numbers
of fake or unofficial apps were being observed, including examples which could
lock users' phones or generate advertisements featuring pornographic content[9,10].
The (official) Pokémon Go game also incorporates the use of an in-game currency,
which can be purchased though the app using real-world payments, thereby
presenting the potential for making the creation of non-legitimate versions of
the game a tempting prospect for fraudsters. These trends highlight the need
for brand owners to protect their reputations – and the security of their customers
– by monitoring both official and third-party app marketplaces for the
appearance of unofficial apps incorporating branded content, and employing a
process of enforcement to have the offending applications removed.
Any product which generates a following
on the scale of that seen for Pokémon Go can also cause other security and
brand-protection issues for its owner. In the days following the app's European
releases, a hacking group claimed to have carried out a denial-of-service
attack – involving the use of an array of compromised computers to make
repeated Internet connections to a company's central servers – to render the
game inaccessible[11]. Over much of that weekend, log-in access to
the app was unavailable, though this was undoubtedly also partly due to the
number of (real) users attempting to connect to the game, particularly from
regions in which the app had not yet formally been released.
In terms of a 'classic' brand-protection
issue, the one-week period to 14th July saw the registration of nearly 4,000
.com and .net domains with names incorporating the Pokémon trademark[12].
Many of these were undoubtedly purchased by cybersquatters, attempting to take
advantage of the game's popularity to misdirect potential customers to
third-party websites, or to generate revenue via the use of pay-per-click
advertisements, or the hope of the sale of the domain names to the brand owner.
In a similar case seen previously (for example), Nintendo won the transfer of
ownership, following a UDRP case, of a typosquatted domain – pokemonl.com –
which had at different times been configured to re-direct visitors variously to
a pornographic site, a gambling site, and to malicious content[13].
In addition, NetNames has also noted the
distribution of spam e-mails which are using the popularity of the Pokémon Go
game to encourage users to click on embedded links, directing to content which
may be fraudulent, malicious and/or generating revenue for third parties. In
one example, the recipient is promised an opportunity to win £500-worth of the PokéCoin
currency used within the app.
A technological product with the levels
of success achieved by the Pokémon Go app – in only its first few weeks – can
present enormous opportunity, not just for the brand owner, but also for the
users of the product and for other businesses. For example, a number of
organisations have seen marked increases in custom simply by virtue of being
located near to a PokéStop, by opening a mobile outlet near to a popular Pokémon spot, or via the use of in-game 'lures' to draw Pokémon characters (and thereby Pokémon Go players) to their location[14].
However, the points raised above serve to highlight the fact that there is also
a need not only for vigilance by the users of such a product, but also a
requirement for the brand owner to carefully consider their security and
brand-protection requirements in response to the emerging threats.
References
This article was first published on 20 July 2016 at:
.jpg)
No comments:
Post a Comment