New official client update triggers a captcha on suspicious activity

[kaantantr]

Coming straight from /r/pokemongodev, this might be a priority to keep the accounts safe. If the game finds you having suspicious activity, which can be anything from scanning/botting to your gps lagging for a second and teleporting you 50 meters or just simply anything the server deems "suspicious".

https://www.reddit.com/r/pokemongodev/comments/4z5hb7/0350_is_the_end_of_scanningbotting/

Post removed, here's a screenshot: http://i.imgur.com/gTSZzA4.png

Edit for people who are not devs: Do not play PoGo untill further notice, or your account is most probably getting banned real soon as we do not have captcha support at the moment.

Edit2: More info, seems like they added a web view for the captcha: https://www.reddit.com/r/pokemongodev/comments/4z9mpo/apk_teardown_for_35/

[Migsi]

Finally we're safe :D

[ST-Apps]

Keeping this open for future reference, but it's still not implemented yet. By the way this can help us staying alive while killing all the bots around.

[Migsi]

@ST-Apps It's just a matter of time until they activate it. They are rolling out the updates ATM, so I'd consider this as high priority as soon the API provides us the neccessary things. Also taking down again the releases might help prevent from people getting banned... I guess one or two "missed" captcha requests lead to an insta ban...

[zakius]

Taking down releases won't prevent people from using already installed ones, maybe with this update there should be also some way to determine if given version is considered safe on start, restore etc before connecting to Niantic servers?

[Migsi]

@zakius That would need the auto-updater to be activated or some separate server to notify the app about the current "safety state".

[nelsoncmartinsf]

Although it's not "legal", couldn't we temporarily create a page, or something alike, in this git where we could use the title as guide to which the app is safe, or not, to use, an then on the app check that given title and warn the players about an unsafe gameplay?

[kaantantr]

@Auhmaan It has been proven by ReadMe, Release Notes and the title screen warning "You might get banned, use at your own risk" that people do not read instructions and warnings.

[luchokoldo]

or we can use the donate button and pay Azure to show updates in the app xD

[Avid29]

@kaantantr If they see rare suspicious activity. Now many things that can happen is considered suspicious and will clarify with captcha there's a difference between risking it at 10% chance of ban vs 90% chance of ban

[Avid29]

Or we can have it check with a facebook with the facebook api?

[Migsi]

The updater is already ready, it just needs to be activated. It checks the releases on github, so it could check a special syntax/note on the release notes and show a warning. Not that much to I'd say.

[Avid29]

Or we can buy time, every computer you got ping their servers until they crash. If we keep it up they'll be to confused in the sudden increase in logged-out traffic to work on captcha (I'm kidding of course, our entire community is nothing to their servers but that would be funny)

[Avid29]

On a related note what is their main IP?

[Avid29]

[zakius]

@Migsi it would be enough to host on github pages or wherever single file containing latest safe version and check for that, but if updater is ready it would be enough to modify it to block startup if installed release is considered unsafe (like everything is now)

[Migsi]

@Firestarthirty Is there anybody still using PowerShell since the Bash came to windows? xD

@zakius The updater has to be tweaked to do something similar to your description. But it shouldn't be that hard to implement.

[Avid29]

I actually never used powershell

[brunolb]

Tried to log in a few times before reading this. Am I banned for sure?

[Avid29]

This actually isn't a problem yet. You could be banned but not because of this

[kaantantr]

They are still rolling out the update so it is not activated yet.

[BertchCA]

Agreed, I can't even load the official app on blue stacks after login due to no update so they better not be banning anyone yet that wasn't already flagged by other means.

[brunolb]

Nice. But is everyone unable to play it (retrieve user data) since yesterday? Not sure if I was banned or if it's really about the servers, just confirming it.

[IzaacJ]

No issues with getting user data for me. But I'll be staying away from the game until the captcha is implemented :)

[viniciusbrasil]

Today I have too many issues. I will be staying away too .

[viniciusbrasil]

My gps today show many wrong location e.e

[LordForsythe]

Is there any way to see if the account is banned? I tried logging on an iPad and the game shuts down, but on the PTC website, I still can log in

[faoltiarna]

I'm using google account and I can't login either. But I haven't received any email about ban. When the game tries to get user data, it crashes. It's happening from yesterday evening.

[kaantantr]

Guys, this is not a discussion about being banned or not. You can always discuss those stuff on reddit.

[Malavos]

@faoltiarna please stop using the app for now! :) While we fix this.

[shamburg82]

Another thing that may look like suspicious activity is the frequency of "Nice," "great," and "excellent" throws. I never got an excellent throw (+100 xp) on the official app, and rarely got great throws (+50 xp). But on PoGo, I get those bonuses almost every time. This is inflating our XP and may raise red flags on Niantic's servers.

[Malavos]

@shamburg82 that's actually a really good red flag for us :+1: Should we create a issue to adjust that?

[viniciusbrasil]

@shamburg82 and curve balls with excellent great and nice lol.

[shamburg82]

I can create a new issue, but wasnt sure if the ball throwing physics were already being adjusted in the next version. I'll leave it to @ST-Apps to decide :smile:

[viniciusbrasil]

@shamburg82 throwing physics is the thinh I most waiting :), it os the most important thing i thinn xD

[Avid29]

Informing people they're more likely to be banned is needed but I think preventing it is even more important. Is anyone working on captcha support?

[ST-Apps]

https://www.reddit.com/r/pokemongodev/comments/4z65lk/rip_scannersbotsautomation/d6t86fo

There's no need to panic. When we'll be enabled we'll see how it works and then implement it. For now there's nothing to do.

[Migsi]

@ST-Apps As far I can tell we'd have already all information about how those captchas actually work. So we could already implement some sort of web view to show them and also get the url already.

[kaantantr]

More info, seems like they added a web view for the captcha: https://www.reddit.com/r/pokemongodev/comments/4z9mpo/apk_teardown_for_35/

[Rover656]

Update now appears to be live.

[BrunoRJ]

I was using only PoGo and I was ban, maybe captcha is not the only thing to worry about.

[Malavos]

@BrunoRJ I was using it too, and got banned, but I don't think it's related to the captch. I have a theory that they are banning in "waves", and many of our WP users were banned from old data they got from us playing old versions, or too many good throws stats and capture distance, if they do get it.

Just a theory thou.

[faoltiarna]

Well, my old account got banned (it was used with the old versions), and my new account got banned as well (only used with the RC version). There was no email, only a notification in the new version app. So, I'm going to try with third account and pray :D

[somederp123]

is the captcha live yet on the official client? since this issue is not closed i assume PoGo does not have captcha support yet? So isn't it complete unsafe to use PoGo RC2 now as it will incur in a 100% ban? Or did i miss something here?

[lucas-zimerman]

It'll Always not be 100% safe, the devs are dealing with a black box that decides some Unknown methods for deciding how to ban people. EDIT: I'm also banned

[EthanAlvaree]

@ibm5155 Were you banned while using 1.0.29?

[sunkin351]

They seem to have ways of seeing whether the official app is being tempered with. Let's brainstorm, what methods could their server be using to see if the client is being tempered with?

[lucas-zimerman]

@EthanAlvaree I was banned while using v1.0.25 (v1.1.0-RC1) . While on desktop I'm only using the latest commits as my primary build, but I only test it with another account (in this case it's not banned yet). Maybe, they are only going to ban people when They reach a specific level? (lets say they tag people with some ban id, and it only bans the user after he reaches level 11)...

EDIT: It would be nice if pogo only accept true gps signal and not triangulated gps signal from mobile transmission towers (This way people are not going to teleport 1km from your original spot while using pogo)

[sunkin351]

Does the app (official or otherwise) send any platform info to the server? I believe their also banning anyone trying to play the game on a desktop.

[kaantantr]

@sunkin351 This is not a thread to discuss why we might be getting banned. And dont worry, devs are doing their best fixing various things that might flag us every single day.

[ST-Apps]

Closing because there's nothing to discuss. Things will be implemented as soon as they become official.