Categories: News

0.115.3 APK mine: SSL and device permission changes

Trainers, a new minor update for Pokemon GO has appeared on APK Mirror (and Google Play stores around the globe), version number 0.115.3 on Android. We did a quick tear down of the APK and observed quite a lot of changes in the way the game handles security, root certificates and SSL (client-server communication layer encryption), but nothing game wise.

Given the recent privacy concerns that arose with 0.115.2, we’re hoping it fixed the issue with rooted devices and file scanning as well. Let’s see what’s new.

SSL and certificate changes

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a client, and Pokemon GO is using it to establish a connection between your game and Niantic’s servers, download models, sprites, the Game Master file, etc.

0.115.3 contains traces of code changes in the SSL certificate handling subsystem, with a dozen of code lines referencing certificate authorities, algorithm choices and key chains. Although these changes do not influence your day to day game play, additional / better security layer is a always a welcome change in our eyes.

It is possible that a majority of these changes seem to stem from a Mono framework upgrade / rebuild and not directly as a product of Niantic’s code changes, but that’s not likely as Mono.Security package version has remained the same.

Permission changes

We gave a lot of flak to Niantic in our recent post about 0.115.2 and how it silently reads through your file system on Android, and we don’t think we overreacted. Sniffing through the file system without notifying your user is quite alarming. Unfortunately, we’re not seeing any permission changes that relate to that in 0.115.3.

We are however seeing a new Android permission, called READ_PHONE_STATE, which allows the following:

Allows read only access to phone state, including the phone number of the device, current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.

We’re not sure what is it used for as it’s not visible from the APK itself.

Zeroghan

Antonio started the Hub in July 2016 and hasn't had much sleep since. Software developer. Discord username: Zeroghan. 28 years old.

Share
Published by
Zeroghan

Recent Posts

A Look Towards Go Fest 2021: Too Soon?

I know, ok? "Liam, Go fest 2020 has only just wrapped up and you want…

23 hours ago

Update to the PokéCoin System

Niantic has responded to feedback for their newly added PokéCoin feature. This feature was released…

2 days ago

GO Fest 2020 Makeup Event

Due to technical issues that occurred during some of the Pokémon GO Fest 2020 habitat…

2 days ago

Deino Where Are You?

When we heard the announcement about Dragon Week being a part of the rewards unlock…

3 days ago

Garchomp Meta Analysis: An Earth-Shattering Drag(on) Force

Is that a shark? Is that a jet plane? Is that a dragon? Yep! It’s all…

3 days ago

Pokémon GO Weavile PvP Analysis

If you're in the mood to break the monotonous Giratina Altered mirror match or stop your…

5 days ago