I honestly do not know where to begin with this article. I believe the most logical place to start is I have no doubt similar problems may exist within devices from other mobile operating systems. I doubt this is exclusively an Android or Google problem. That said, it is deeply concerning, especially given the data collection and sharing process going on in the absence of even an active SIM card.
I am not advocating for the mass production of tin foil hats, but I will say this. If you have your smartphone with you, you are most certainly never alone.
Please take the time to review your Android based platforms and update whenever and wherever possible.
Microsoft updates are published and available. The iOS fix is in beta and should be released in the next few days. Android patches are still in the works and may not be available for weeks. Pixel will receive updates first while other Android devices will be dependent on hardware vendor support.
This is yet another example of effective Android malware. Please take the time to vet your app sources. Think twice about 3rd party sources. Verify!
Please take the time to review your patching options for your Android devices and patch as soon as these updates are available from your carrier.
Mobile platforms are a growing target for cyber criminals in terms of value, especially for platforms like Android that exist in a more open ecosystem. The time is quickly coming for better controls and mitigation strategies.
The technical geek side of me finds this innovative command communication technique ingenious. The IT Security side of me is concerned about this latest evolution in the command/control process and its affect on admins attempting to limit this type of communication. It can and will hamper filtering efforts at the DNS level.
Additional information on the great Pokemon Go fiasco of 2016…no Pikachu was not stealing your email.
Daniel Suarez and others have written (in fiction) about a world in which reality and virtual reality blend together, creating sub-cultures and super-cultures of people and technology coexisting in a pseudo symbiotic relationship. As funny as this next statement is going to sound, Nintendo and Pokemon Go may have kicked off this evolution in our very real, non-fiction world.
The security issues discussed in this article are to be taken seriously, though they are also quite easily remedied. When it comes to the actual acquisition of the app, download it from the Google Play store and take the time to make sure you have the proper version. This should be the practice for all downloads, not just the hottest new craze on the market. Concerning Google permissions, a patch is forthcoming. I would consider other authentication mechanisms in the interim if you are concerned about the access granted to the game. Though we would like to think all developers and companies have our privacy in mind when they present apps and develop code, frankly, the real world simply does not work that way. They want to meet deadlines and they want to make money and both practices can be hindered by security common sense from time to time.