There is no doubt that Pokémon Go is the hottest topic recently. Allowing adventurers to catch Pokémon in real life, this game has taken the world by storm. However, the account security mechanism is not as well-designed as the game itself.
Adam Reeve, the security analyst who originally discovered this problem, said that if you sign into Pokémon Go with a Google account, you will be granting full access to Niantic, the developer of this game, to your account. He also noted that this security issue is limited to iOS users.
When first loading Pokémon Go, users can sign in either through a Google or Pokémon Trainer Club account. Due to its tremendous popularity, that almost overloads the server, new users cannot register through the app. Thus, using Google account to sign in becomes the only option.
Upon signing up with Google login credentials, users should have been redirected to see a notification page specifying what data this application requires and ask the user for permission to access this data. But apparently this page was not appearing, hence turning out to grant Pokémon Go full assess to users’ Google account.
According to Google’s support page, “When you grant full account access to an application, it can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf). ”
Reeve did not accuse Niantic of malicious intent; however, this is still a concerning security issue, for most apps should only ask for basic contact information instead of a full access, not to mention that users have no idea about how such a massive amount of information will be protected.
Soon after Reeve documented this concern, Niantic issued a statement addressing that, “Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected…Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”
An update to remedy this problem has been released promptly. Download the latest version now and start the journey to capture the Pokémon all around you!
** UPDATE: Pokémon GO’s geographic availability keeps increasing steadily as the game is released in new countries. The game, however, has also experienced some bumps recently as it has had its own share of hacking attacks. Pokémon GO servers have been the target of a DDoS attack, resulting on a prolonged downtime that affected all game infrastructure during a few hours. It didn’t take long time for annoyed users to express their anger with the attackers.