As previously reported, Niantic has introduced a new security measure popularly dubbed “App blacklist”, which scans the player’s device for third-party cheating apps. If any are detected, the game refuses to start and a “black screen of death” is shown.
As of today, it seems that Niantic’s blacklisting security measure doesn’t have a bright future, especially on iOS devices, where a crucial iOS bug (CVE-2017-13852) has been fixed, disabling access to the list of installed apps on an iOS device. This bug affected all iOS devices prior to iOS 11.1.
According to a tweet from Pepijn Bruienne, a Mac enterprise administrator and a Mac administrator at the University of Michigan in Ann Arbor, the bug that enabled apps to sniff around the installed apps list is no longer active:
Apple shipped an additional kernel vulnerability patch in the iOS 11.1.1 update: CVE-2017-13852 – "A malicious application may be able to learn information about the presence and operation of other applications on the device." So not just the viral autocorrect & Siri fix. 👍🐛💥
— Pepijn Bruienne 🌲🧀💴 (@bruienne) November 13, 2017
The full CVE-2017-13852 description:
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the “Kernel” component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.
Although initially very effective, the blacklisting feature has since been disabled. The full history of the blacklist warning screen is as follows:
- On October 15 2017, Pokémon GO version 0.79.2 goes live and data mining reports indicate that a new security feature has been added, called “Blacklisted App”.
- On October 18 2017, GO Hub discovers that the client app (version 0.79.2) is downloading a new bundle of text, including the strings required to display this warning screen.
- On October 19 2017, Niantic officially announces the Halloween 2017 event, silently activating the blacklisted app security feature.
The state of the blacklisting security measure
Niantic has to be given credit where credit is due: the blacklisting feature, once activated, will stop hundreds and thousands of casual Android spoofers.
However, while this security measure is surely commendable, it’s important to be aware that a number of workarounds have already been found in the cheating community. From repackaged client apps to renamed cheating apps, we’ve observed a number of methods that defeat this security measure.
Apple’s removal of the above-mentioned security hole is just another “nail in the coffin”, indicating that the blacklist, albeit partially successful, will not completely curb cheating and spoofing in Pokémon GO.
In the end, a few important questions remain unanswered:
- Will Niantic punish detected spoofers?
- Will spoofers remain active players if forced to play without location mocking?
- Will the blacklist be re-activated in the near future?
We don’t have an answer to any of these questions, but we do hope to have them in the near future. Stay tuned for updates.