This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
Dublin: 14 °C Wednesday 17 July, 2019
Advertisement

Pokémon Go makers say they're updating iOS app to address security concerns

The iOS version of the app requested more permissions from users’ Google accounts than was needed.

Updated: 15.51

THE MAKERS OF Pokémon Go said they would be updating its iOS app so it doesn’t ask for full access to a person’s Google account.

If players sign up to the game through their Google account, it requires access to your location, camera, contacts, and storage, but the iOS version requests more permissions than needed. The only other way to sign up to the game is to use an account created through the Pokémon site.

Niantic Labs, the developers of the game, said in a statement that it would update the iOS version so this wouldn’t happen. The Android version does not have the same problem.

“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account,” it said in a statement. “However, Pokémon Go only accesses basic Google information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.”

Concerns were raised after it was discovered that the account requires “full account access” to work sparking fears that the game would allow it to access details like emails and search history.

Google itself warns users not to give full account access unless “you fully trust” an application.

When you grant full account access, the application can see and modify nearly all information in your Google account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf).

The concern was raised by an employee of security firm Red Owl, Adam Reeve, who said the issue was likely the result of “epic carelessness”.

A product security member of Slack also tested out Pokémon Go and found that it wasn’t able to read data from Gmail or Google Calendar through the app.

“I believe this is a mistake on Google and Niantic’s part, and isn’t being used maliciously in the way that was originally suggested,” wrote Ari Rubinstein on Github. “Given that Google is going to be retroactively re-scoping tokens to remove this possibility, Pokémon Go should be safe to play in the next couple of days on iOS. or even now”.

Pokémon Go has exploded in popularity since it was released in the US late last week. The game has yet to be released here in Ireland but that hasn’t stopped players from using other methods to download the game.

Originally published: 10.33

Read: What the heck is Pokémon Go – and why is it so popular? >

Read: A decade on, Segway creator’s prosthetic arm will arrive at the end of the year >

  • Share on Facebook
  • Email this article
  •  

About the author:

Quinton O'Reilly

Read next:

COMMENTS (16)