Pokémon GO leaves some yelling Pokémon No!

3 insurance risks and insights associated with the fastest growing app in history

Pokémon GO is the fastest downloaded mobile app of all time, and everyone is talking about it. Hitting number one on the app downloads chart in five hours, Pokémon GO now has more than 23 million people playing daily.1

Although more individuals are getting out of their houses to “catch” virtual Pokémon in the real world, playing the game is not without its risk. Users’ phones are being hacked through both the authorized app and faux versions, and users are even sustaining bodily injuries.

Brokers and agents need to learn about the real risks of Pokémon GO and the lessons that this application can offer to clients in the technology space.

Risk #1: Massive security flaw gives total access

Following the launch of Pokémon GO, there were several security concerns with an omission that allowed full access to users’ Google accounts.2 This meant that, if hacked, a user’s photos could be deleted and email accounts could be accessed.

“A security flaw for any game or app maker is a tremendous risk, especially for the fastest growing mobile gaming app in history,” said David Derigiotis, Corporate Vice President and Director, Professional Liability Center of Excellence at Burns & Wilcox. “An oversight of this size presents a significant liability in Technology Errors & Omissions (E&O) and Cyber Liability coverage.”

According to TechRadar, the security flaw was recently patched and developers issued an iOS app update. However, the risk does not stop there.

“Users that haven’t downloaded the patch are still open to unauthorized access from the app developer’s server,” said Michael Schultz, Underwriter, Professional Liability Center of Excellence, Burns & Wilcox. “Hackers can send emails from a connected Gmail account to the user’s friends, family, and associates without them even knowing.”

There is no clear way to tell when an individual has hacked into your account either. Sent emails may be deleted so the user may not even realize phishing attacks are being sent from their account. A phishing attack is a method of creating an email that looks like it is from a legitimate person or business to steal confidential information.

Pokémon GO exploded in a way that very few could predict. It is a great case study for brokers and agents to present to software and technology development clients and ensure they are properly covered,” said Derigiotis. “If a client’s app takes off rapidly and a security flaw is found, the liability could easily exceed the current insured rate and has the potential to harm the organization.”

With any security error or omission, the developer could incur massive legal fees that may put a firm out of business.

Risk #2: Fake apps scamming players

Malicious mobile applications are on the rise. Thus far, at least 215 fake Pokémon GO apps have been found in the Google Play store. One such app called Pokémon GO Ultimate locks an interested player’s screen once downloaded. The only way to reboot is to manually remove the phone’s battery and uninstall the program on the application manager.3

“Whenever users download an app, the creator gains permission to information such as location, search history, email accounts and contact lists,” said Derigiotis. “With any app, the user needs to be positive what they are downloading is safe, as the developer may have coded Malware into the app.”

Malware, or malicious software, are specific software that is created with the intent on harming or infecting computers. The most common types of malware include viruses, worms, Trojan horses, ransomware, spyware and adware.

Ransomware, a malicious software that locks a device until a certain amount is paid, is increasingly prominent as a result of app downloads. The average payment for a cyber ransom request is $300.4 If the ransom is not paid, the hacker has the ability to delete and/or share the data that was accessed.

“Recently, many consumers, manufacturers, public utilities and health care facilities have fallen victim to ransomware,” added Derigiotis. Ransomware is easily disguised and most individuals are not prepared. It only takes one person with the right access to a company’s confidential information to fall victim to ransomware and create a multitude of cybersecurity concerns. Once that happens, an entire hospital’s patient data can be taken, for example.

While fake Pokémon GO apps have not been reported to include ransomware yet, some malicious apps are only one step away. Developers should think like hackers when testing their systems and be prepared to make necessary software updates as soon as a flaw is discovered. Developers leave themselves open to costly potential lawsuits should unauthorized access be gained. Whether or not the developer wins the cybersecurity case, the legal fees may have crippling consequences.

Risk #3: Do not walk off a cliff, literally

Since the release of the app, FOX News reported that Pokémon GO players have walked off cliffs, been in car accidents, been robbed, and have trespassed into areas like nuclear power plants.

In the Pokémon GO terms of service, developer Niantic Labs says “during game play, please be aware of your surroundings and play safely.” They go on to remove themselves from any liability involved with playing the popular game.

“There is a bodily injury component that may arise from apps like Pokémon GO,” says Derigiotis. “While the app shows a warning to be aware of surroundings every time it is opened, it will be interesting to see how the excessive amount of injuries play out.”

The popular video messaging app Snapchat was sued recently when a user crashed into another car while driving double the speed limit to earn a virtual trophy through its speed filter. The crash resulted in severe traumatic brain injury for the victim, who is now suing the driver and Snapchat for medical expenses. While Snapchat includes a similar warning to Pokémon GO stating not to use the speed filter while driving, the case remains open. Whether any app developer includes a statement denying liability of misuse of its app or not, they may still face litigation.

With all clients that develop apps, brokers and agents should use Pokémon GO as a reason to speak with them about reviewing their coverage. Apps that have a wide appeal could explode at any time. A full assessment of the possible risk is needed to make sure the client is covered in the case of any and all security weaknesses.

Sources:
1 AppInstitute, 2 Hacked.com, 3 Fortune Magazine, 4 Tech Republic