Home News 0.115.3 APK mine: SSL and device permission changes

0.115.3 APK mine: SSL and device permission changes

0
0.115.3 APK mine: SSL and device permission changes
Pokémon GO APK Mine

Trainers, a new minor update for Pokemon GO has appeared on APK Mirror (and Google Play stores around the globe), version number 0.115.3 on Android. We did a quick tear down of the APK and observed quite a lot of changes in the way the game handles security, root certificates and SSL (client-server communication layer encryption), but nothing game wise.

Given the recent privacy concerns that arose with 0.115.2, we’re hoping it fixed the issue with rooted devices and file scanning as well. Let’s see what’s new.

SSL and certificate changes

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a client, and Pokemon GO is using it to establish a connection between your game and Niantic’s servers, download models, sprites, the Game Master file, etc.

0.115.3 contains traces of code changes in the SSL certificate handling subsystem, with a dozen of code lines referencing certificate authorities, algorithm choices and key chains. Although these changes do not influence your day to day game play, additional / better security layer is a always a welcome change in our eyes.

It is possible that a majority of these changes seem to stem from a Mono framework upgrade / rebuild and not directly as a product of Niantic’s code changes, but that’s not likely as Mono.Security package version has remained the same.

Permission changes

We gave a lot of flak to Niantic in our recent post about 0.115.2 and how it silently reads through your file system on Android, and we don’t think we overreacted. Sniffing through the file system without notifying your user is quite alarming. Unfortunately, we’re not seeing any permission changes that relate to that in 0.115.3.

We are however seeing a new Android permission, called READ_PHONE_STATE, which allows the following:

Allows read only access to phone state, including the phone number of the device, current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.

We’re not sure what is it used for as it’s not visible from the APK itself.