Pokémon GO: Safe to Download or Not?
The newest game craze to sweep the nation is Pokémon GO. The popular game, created by Silicon Valley’s Niantic Labs, uses your phone’s GPS to detect where you are and make the Pokémon characters appear on your phone’s screen. As you move, you encounter more characters. Of course, this is all from second hand as I have chosen not to download and play.
No, I am not a hater on latest trends. Actually, I love the idea of an augmented reality game that gets users out and about on a hunt; it’s a very cool concept. However, there are some issues with the download.
Those who chose to download the game via Google on an iPhone gave the creators at Niantic full and total access to their Google accounts. This allowed the developers access to users’ Google photos, e-mail, browser history, map history and more. Yikes!
Niantic released a statement Monday stating they are currently working on a fix:
“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”
It appears that Niantic used an outdated version of Google’s shared sign-on service. This approach uses credentials that already exist on your phone, so the user does not have to create another online account, saving time.
However, this method should ask the user what permissions they want to grant the app, which Niantic did not do. Since they used an outdated and unsupported version of the sign-on, that permission granting step was completely left out, leaving Niantic full access to the users’ accounts.
It is hard to believe that the creators would do anything harmful withusers’ information that could ruin their reputation as stock for Nintendo is growing exponentially. However, users may want to beware for the time being.
This entry was posted in Cyber Security
and tagged google
. Bookmark the permalink