Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Pokémon Go makers say they're updating iOS app to address security concerns

The iOS version of the app requested more permissions from users’ Google accounts than was needed.

Updated: 15.51

THE MAKERS OF Pokémon Go said they would be updating its iOS app so it doesn’t ask for full access to a person’s Google account.

If players sign up to the game through their Google account, it requires access to your location, camera, contacts, and storage, but the iOS version requests more permissions than needed. The only other way to sign up to the game is to use an account created through the Pokémon site.

Niantic Labs, the developers of the game, said in a statement that it would update the iOS version so this wouldn’t happen. The Android version does not have the same problem.

“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account,” it said in a statement. “However, Pokémon Go only accesses basic Google information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.”

Concerns were raised after it was discovered that the account requires “full account access” to work sparking fears that the game would allow it to access details like emails and search history.

Google itself warns users not to give full account access unless “you fully trust” an application.

When you grant full account access, the application can see and modify nearly all information in your Google account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf).

The concern was raised by an employee of security firm Red Owl, Adam Reeve, who said the issue was likely the result of “epic carelessness”.

A product security member of Slack also tested out Pokémon Go and found that it wasn’t able to read data from Gmail or Google Calendar through the app.

“I believe this is a mistake on Google and Niantic’s part, and isn’t being used maliciously in the way that was originally suggested,” wrote Ari Rubinstein on Github. “Given that Google is going to be retroactively re-scoping tokens to remove this possibility, Pokémon Go should be safe to play in the next couple of days on iOS. or even now”.

Pokémon Go has exploded in popularity since it was released in the US late last week. The game has yet to be released here in Ireland but that hasn’t stopped players from using other methods to download the game.

Originally published: 10.33

Read: What the heck is Pokémon Go – and why is it so popular? >

Read: A decade on, Segway creator’s prosthetic arm will arrive at the end of the year >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
16 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds