Half of companies have employees who play Pokémon Go with corporate credentials

Pokémon Go has broken all mobile gaming records, with more than 75 million installs across Apple and Google platforms globally, becoming a phenomenon that has sent users out of their homes and offices to catch wild Pokémons.

According to several reports cited by Enterprise Innovation, 150,000+ unique apps connect to corporate cloud environments, a number that increased 30-fold in the last two years alone. Some 27% of connected third-party apps are of high or very high risk and need immediate attention from corporate security teams.

“Implementing a high-level strategy as well as a specific Application Use Policy that outlines how they will whitelist or ban applications is critical,” authors of the report say.

Pokémon Go is authorized to act on behalf of the user through an OAuth connection.

When launched, this OAuth connection allowed the app, and by extension the vendor, Nintendo, to view, edit, collect or delete anything related to the user’s Google account; send emails, analyze navigation history, and exfiltrate and externalize user data through programmatic API access; and collect personal data alongside geotagging functionality and camera access.

Findings show that 44% of all organizations have employees who granted access to Pokémon Go using their corporate credentials.

On average, 5.8% of an organization’s employees have installed Pokémon Go. Only 12% of affected institutions have banned the app. The education, media and technology industries are seeing the greatest impact.

Leave a Reply