Trainers,

as previously reported, Niantic has introduced a new security measure popularly dubbed “App blacklist”, which scans the players device for third party cheating apps. If any are detected, the game refuses to start and a “black screen of death” is shown.

As of today, it seems that Niantic’s blacklisting security measure doesn’t have a bright future, especially on iOS devices, where a crucial iOS bug (CVE-2017-13852) was fixed, disabling access to the list of installed apps on an iOS device. This bug was affecting all iOS devices prior to iOS 11.1.

According to a tweet from Pepijn Bruienne, a Mac enterprise administrator and a Mac administrator at the University of Michigan in Ann Arbor, the bug that enabled apps to sniff around the installed apps list is no longer active:

The full CVE-2017-13852 description:

An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the “Kernel” component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.

Although initially very effective, the blacklisting feature has since been disabled. The full history of the blacklist warning screen is as follows:

The state of the blacklisting security measure

Niantic has to be given credit where credit is due: the blacklisting feature, once activated, will stop hundreds and thousands of casual Android spoofers.

However, while this security measure is surely commendable, it’s important to be aware that a number of workarounds have already been found in the cheating community. From re-packaged client apps to cheating apps renames, we’ve observed a number of methods that defeat this security measure.

Apple’s removal of the above mentioned security hole is just another “nail in the coffin”, indicating that the blacklist, albeit partially successful, will not completely curb cheating and spoofing in Pokémon GO.

In the end, a few important questions remain unanswered:

  • Will Niantic punish detected spoofers?
  • Will spoofers remain active players if forced to play without location mocking?
  • Will the blacklist be re-activated in the near future?

We don’t have an answer to any of these questions, but we do hope we will have it in the nearby future. Stay tuned for updates.