Header Ads

Pokemon Go can see and modify all information in your Google account - Malware Risk

As millions of users wander the country collecting Pikachus and Jigglypuffs, the Alphabet spin-off Niantic, Inc. that developed the game is collecting information about the collectors. And it’s most definitely catching them all.

Like most apps that work with the GPS in your smartphone, Pokémon Go can tell a lot of things about you based on your movement as you play: where you go, when you went there, how you got there, how long you stayed, and who else was there. And, like many developers who build those apps, Niantic keeps that information.

According to the Pokémon Go privacy policy, Niantic may collect — among other things — your email address, IP address, the web page you were using before logging into Pokémon Go, your username, and your location. And if you use your Google account for sign-in and use an iOS device, unless you specifically revoke it, Niantic has access to your entire Google account. That means Niantic could have read and write access to your email, Google Drive docs, and more. 

(It also means that if the Niantic servers are hacked, whoever hacked the servers would potentially have access to your entire Google account. And you can bet the game’s extreme popularity has made it a target for hackers. Given the number of children playing the game, that’s a scary thought.) You can check what kind of access Niantic has to your Google account here.

Just when you hit the Google button, you are logged in. But, you are not shown a message regarding what data this app is going to access. 

Here’s what it means when Pokemon Go has full access to your account:
  • Pokemon Go can see and modify all information in your Google account.
  • Such privileges should be given to fully trusted applications only. 

It also may share this information with other parties, including the Pokémon Company that co-developed the game, “third-party service providers,” and “third parties” to conduct “research and analysis, demographic profiling, and other similar purposes.” Similar to Pokemon Go Chat. It also, per the policy, may share any information it collects with law enforcement in response to a legal claim, to protect its own interests, or stop “illegal, unethical, or legally actionable activity.”

GoChat, an independent app that lets Pokémon Go users leave notes for each other at in-game locations

In a statement to Gizmodo Monday night, Niantic said they started working on a fix and verified with Google that nothing beyond basic profile information had been accessed.

We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.
Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic.

Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.

This is not something new, Twitter, Instagram, Snapchat, Tinder, Facebook, and amongst other apps use the same thing. lots of apps have access to your google account. But they only ask for access to your name and email usually. Pokemon GO has full access. Meaning they can send emails as you, delete your emails, delete/share your googe drive docs. There is no reason they need this much access. And with their server issues..

Update: Google New Features (it just pop on my search ) you can revoke any apps

No comments

blogmytuts. Powered by Blogger.