Pokémon Go May Be a Security Risk

Discussion in 'Article Discussion' started by Melody Bot, Jul 11, 2016.

    Pokémon Go, which I think is fair to call a phenomenon now, can also be a security risk since it asks for full access to your Google account when you sign in. Adam Reeve writes:

    Now, I obviously don’t think Niantic are planning some global personal information heist. This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies. I don’t know how well they will guard this awesome new power they’ve granted themselves, and frankly I don’t trust them at all. I’ve revoked their access to my account, and deleted the app. I really wish I could play, it looks like great fun, but there’s no way it’s worth the risk.

    It’s always a good idea to review what apps you’ve given access to on your security permissions page from Google. Rene Ritchie, writing at iMore, breaks down how you can still play the game securely by creating a “burner” account.

  2. cricketandclover

    Things have changed.

    Time to delete my app! Was fun while it lasted.
  3. carlosonthedrums


    It's crazy how many Twitter replies I've seen that say something along the lines of "I don't care, I just gotta catch these things."
  4. pauldunions


    Say it ain't so
  5. marceting


    F - looks like I need to delete this.
  6. FTank


    I just downloaded this too. God damn...
  7. supernovagirl


    urrrgh I don't want to start over :(
  8. Dirty Sanchez


    gmail account name: ashketchum182
    password: pikachu
  9. selfreliable


    My phone is set up with a dummy email. I don't get my real email pushed to my phone, but it eases my mind about having all these apps having access to everything.
  10. Just revoke access and you can still play
  11. Supernova Jul 11, 2016
    (Last edited: Jul 11, 2016)


    I have a feeling they will patch this. I hope.
  12. atlas


    can you revoke access and go to a different account with all the same stuff? I'm in too deep to throw it all in the trash now lol
  13. CMilliken


    How do you go about revoking access?
  14. BTDandFeelingThis


    How do you revoke access?
  15. Chaplain Tappman

    nope, it's not

    Niantic released a statement saying that “Pokémon GO only accesses basic Google profile information.” Here’s the full statement:

    We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.

    sounds like the guy who made the original blog post had no idea what he was talking about.
  16. ncarrab


    I am so glad I have NO clue what any of this Pokemon stuff even means.
  17. What they are saying is that they haven't, not that they can't. They absolutely do have the access to your full Google Account to do this and absolutely did skip the verification process on login. The original blog post remains true right now and a fix has not been rolled out. It is, right now, still unfixed and a privacy disaster if you don't want all of your Google data accessible to a third party.

    I highly recommend everyone revoke access immediately.
  18. Chaplain Tappman


    can anyone actually access the information if niantic hasn't? it sounds like "full access" doesn't actually mean "full access" from that article. i revoked access hours ago either way so i guess it's whatever to me
  19. The issue is that Niantic can. If they have or not is based on trust. I personally don't trust third parties and with the amount of data in most people's emails and such — I don't think that's paranoid. What Niantic is saying is: we fucked up and ask for more permission than we really need, we're gonna fix that, and we haven't looked at anything except your email address and ID we promise. Google has apparently verified that is currently the case (unsure how much I trust them either, but that makes me feel better). However, until a fix is rolled out there's no way I want any third party having full access to my Google account. The access is very real:


    ... I just really hope they're telling the truth on what happened in the last few days while they had that access.
  20. iam1bearcat

    i'm writing a book, leave me alone.

    the real risk is people getting jumped, walking blindly in to traffic, fall off shit and all the other bizarre oddities that have happened since people suddenly forgot how the world works while walking around with a phone attached to your face. although, oddly, people have had phones attached to their face for a decade now so i'm actually surprised by all the accidents and injuries i've seen since this was released
  21. CMilliken


    I'm going to remove it from Gmail until they have it fixed.
  22. supernovagirl


    I'm trying to think about and process what info of mine they have by having access to my google....
  23. SamLevi11


    I basically have a google account I use purely for this kind of stuff. Not even slightly worried.
  24. Chaplain Tappman

    Another update to the link I posted seems to suggest the token used by Pokemon Go doesn't grant access to emails at all and never did. I guess a Slack employee tested it? ¯\_(ツ)_/¯ better safe than sorry tho.