While Pokemon Go may be available in just three countries for now, that hasn’t stopped fans around the world from getting the game for Android to Australia, New Zealand or the US by creating and using an iTunes account. It looks like there has been a serious security breach on those who play Pokemon Go. The game has full access to your Google Account. Well, at least on iOS.
(See also: pokemon go tips and tricks,
It was discovered by Adam Reeve, Principal Architect of RedOwl Analytics. He took Tumblr To share your findings:
“Let me be clear – Pokemon Go and Niantic can now:
• Read all your emails
• Send email as you
• Access all your Google Drive documents (including deleting them)
• View your search history and your map navigation history
• Access any personal photos you may have stored in Google Photos
• And a whole lot more”
And that’s not all. According to Reeve, since the game uses email as an authentication mechanism, he believes “there’s a very good chance other sites will gain access to your accounts as well.”
(See also: Pokémon Go in Real Life Is Responsible for Weird and Scary Things,
There’s no need for that either. Usually when a developer allows users to sign in through Google, the level of access is specified. Mostly this is just contact information.
reeves later tweeted that “seems this affects some iOS users, not all. Don’t know what the criteria are yet.”
(See also: Playing Pokemon Go in India? Here’s everything you need to know,
We’ve checked this with the Google account we use on our iPhone 5S and yes, Pokemon Go itself has granted full access to our account. This was not the case with the creation of our Android game, although at the time of posting this, just a user has reported that it affects the Android version as well. reeves believe that that “on Android it is using client permissions to receive data, while on iOS it is using a Google account.”
Still, if you’re not willing to give Niantic full access to your account, deleting the game isn’t enough. Here’s what you need to do to fix it:
- Log in to your Google Account.
- View Available App Permissions Here,
- Revoke access to the game by clicking on it.
For the time being, Niantic and The Pokemon Company have kept silence on this. Keep in mind that if you ever decide to take the risk of playing Pokemon Go again, you’ll need to grant it access to a Google Account. The game gives you the option to sign in using a Pokemon.com account, but the site’s sign up section has been unavailable since the game’s launch. Hopefully this will correct itself in the coming days as Niantic and The Pokémon Company plan a global launch for the game soon.
Update, July 12, 2016: Niantic has issued the following statement:
“We recently discovered that the Pokémon Go account creation process on iOS mistakenly requests full access permission for a user’s Google Account. However, Pokémon Go only provides basic Google profile information (specifically, your user ID and email address). address) and no other Google Account information is or has been accessed or collected.
Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information corresponding to the data we actually access. Google has verified that no other information has been obtained or accessed by Pokemon Go or Niantic. Google will soon reduce Pokemon Go permissions to only the basic profile data that Pokemon Go requires, and users are not required to take any action themselves.”