Pokemon Go has a really, REALLY serious Google security issue right now

Posted on 07/11 22:10

Pokemon Go has quickly taken over the lives and towns of countless players since it started rolling out last week, but it could also literally take over your digital life. Multiple players, including myself, have discovered that signing into the game on iOS via Google grants Pokemon Go full access to your account.

Software architect Adam Reeve was the first I saw to publicly cry foul about the issue in an informative blog post. The problem isn't that Pokemon Go can use your Google Account to sign in - it makes sense, since it uses a lot of Google technology - the problem is that it automatically gives itself way more access to your Google Account than it should ever need. Here's the description of what giving an app full account access does, from a Google support page: "When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf)."

If you use Gmail and Google Docs, for instance, Pokemon Go could theoretically read everything in your messages and documents. Since your email account is usually the center of your online identity and security (just think of all those "forgotten password" links sitting in your inbox), this is a big problem.

The issue seems to be limited to people who play the game on iOS, and not everyone's account has been affected. You can check yours on Google's account security page - if you see "Pokemon Go Release" listed and it "Has full access to your Google Account", you can revoke it right from there. But if you ever sign out from the game and log back in, it will get full access again. You could avoid the issue by signing in with a Pokemon Trainer Club account from Nintendo, but the club is limiting new sign-ups at the moment because of high traffic.

It's doubtful that developer Niantic Labs intends to do anything malicious with all this access. It was probably just an oversight. But intentions aside, if any malicious folks hack their way in from the outside, they could get an unparalleled level of access to your sensitive information. You can decide how serious the problem is for yourself, but I'm going to bid farewell to my menagerie of GPS monsters until Niantic fixes this.
