It’s the gaming craze that isn’t just sweeping the nation, but the world – Pokémon Go! Yep, the old classic collect-a-Pokémon has gone fully mobile and it has people walking the streets in an augmented reality enjoying the game. But there’s a problem – and the app’s developers really must address it immediately. Security.

Now I’m not talking about your personal security – Pokémon Go tries to warn you as you play that you should keep an eye on your surroundings. The issue is how the game uses your Google Account (if you are playing it on an iPhone).

While this issue applies only to iOS users right now, it’s an important reminder of why we have to regularly check the access that has been granted to our accounts, like Google, Facebook and Twitter, when we use them for simple sign-ons.

As best I can tell this was first revealed by Adam Reeve on his Tumblr blog post, but the issue has gone widespread itself and it’s really important people are aware.

By opening the app, and signing into the game by the one single mechanism provided – Google – you’re giving the app Full Access to your Google Account.

Yep – full access.  It can do anything but change your password and pay for things with Google Wallet.

UPDATE: Nintendo have issued a statement outlining how they plan to fix the issue and that the full access was never intended.

We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access.  Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.

Why is that a problem? Ahh, hello – email accounts are the key to our digital lives. We not only store personal information there, but they are the way we begin processes like password recovery for other accounts. Unlocking your email is about as good as it gets to unlocking your entire digital life.

Here’s what Google says about Full Account Access:

[Screenshot: Google’s description of full account access]

And here’s where you’ll see if you’ve granted the Pokémon app that same right:

[Screenshot: Google account app permissions page]

You can view this (and revoke it) on your Google account at this link.


As soon as you sign in again to the game, it will get the access again – and as we all know, the servers are overloaded lately.

So you’re being asked to sign in again, and again.


What can you do?

Easy. Firstly, for some reason this is only happening on iOS devices, and/or on some accounts – but you should check! Click your Google account settings to find out.

If so, the alternative is to create a new Google account. Just for this. Problem solved, crisis averted.

We’d also like to think that the game’s creators will change their app ASAP to request just the things it needs – which for the life of me I can’t work out what they would be – just let us play the game!