dark        

If you're on iOS, Pokemon Go may have full access to your Google account

0

Here's why that's more than a little uncomfortable

[Update: In our comment section below, Molamolacolacake linked a Gizmodo article that contained the following correspondence with Niantic:

We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves. 

Looks like we're safe and it was just a mistake. Phew!]

Pokémon Go is doing some wonderful things for the community right now (and Mike is working on that review!) but I have some bad news for you if you're using an iPhone and you're concerned about security. 

Some iOS players of Pokémon Go are unknowingly handing full access to their Google accounts to developer Niantic on a silver platter. Adam Reeve of RedOwl -- an information security firm -- wrote this detailed post a few days ago that explains exactly how this happens. In a nutshell, instead of asking for specific permissions with your Google accounts like some apps do, this one has full access to everything associated with that account, which Reeve says includes:

  • Read all your email
  • Send email as you
  • Access all your Google drive documents (including deleting them)
  • Look at your search history and your Maps navigation history
  • Access any private photos you may store in Google Photos
  • And a whole lot more

That's, uh, a huge breach of privacy right there. Whether you have pictures of your children or your poké balls, Niantic could potentially look at them and distribute them to all of your contacts. It isn't affecting all iOS players, and only very few Android players are seeing it at all so this is most likely a mistake of some sort. Reeve sums it up well:

Now, I obviously don’t think Niantic are planning some global personal information heist. This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies. I don’t know how well they will guard this awesome new power they’ve granted themselves, and frankly I don’t trust them at all. I’ve revoked their access to my account, and deleted the app. I really wish I could play, it looks like great fun, but there’s no way it’s worth the risk.

Will this make you un-install, or are you having too much fun to care about infosec irresponsibility? 

Pokémon Go is a huge security risk [tumblr]

You are logged out. Login | Sign up

 
 

Click to open photo gallery:

 

TwitterRedditEmailFacebook
 
Zack Furniss
Zack Furniss   gamer profile

Liev Schrieber's little brother. Lover of horror and RPGs. Let's be best friends. more + disclosures


 


 


Also on Destructoid: Pokemon Go   (234)   From our database:

  • 2019 was Pokemon GO's most successful year to date - Chris Moyse
  • Pokemon GO Hatchathon event includes famous Party Hat Wurmple - Chris Moyse
  • Pokemon Go is going hard on events in 2020 - Chris Carter
  • This Pokemon Go Buddy Adventures ad isn't making me cry it's just dusty in here and also I'm crying - CJ Andriessen
  • The Games that Defined the Decade: Pokemon Go - CJ Andriessen
  • Rare Pokemon to return in 2019's final Pokemon GO Community Day - Chris Moyse
  • A Pokemon Go player caught a literal million Pokemon - Jordan Devore
  • Pokemon GO has made over $3 billion in lifetime revenue - Chris Moyse
  • Pokemon Go Battle League launching in early 2020 - Jordan Devore
  • More related stories
    Filed under... #Android #iPhone #Pokemon #Pokemon Go

    READER COMMENTS LOADING BELOW...


    LET'S KEEP THE COMMUNITY GREAT


    You're not expected to always agree, but do please keep cool and never make it personal. Report harassment, spam, and hate speech to our community team. Also, on the right side of a comment you can flag nasty comments anonymously (we ban users dishing bad karma). For everything else, contact us!



     
     
  •