Pokemon GO Google Security Vulnerability Needs Fixing

By | 4 months ago 

Pokemon GO player discovers a huge security risk for Apple users who sign into the app through their Google account, which allows the app access to all Google account services.

Pokemon GO has been seeing huge popularity on the iOS app store, recently beating out Tinder in downloads. The augmented reality game is so popular that the developer, Niantic, had to temporarily halt the launch of the game in several countries to make sure the servers could handle the huge amount of users. The launch has been so problematic that Amazon’s Chief Technology Officer offered his services to help get the game’s launch running smoothly again.

While registering on Pokemon.com has been temporarily suspended due to the massive demand, Pokemon GO players are still able to login through their Google account. Unfortunately, if a player is signing in through their Google account through iOS, they may be putting their account’s security at risk.

Pokemon GO player Adam Reeve made this discovery after trying to sign into the app through his Google account and finding it strange that Pokemon GO didn’t inform him which account services the app could access.

Reeve decided to do a little digging on exactly what services the app would be able access, and posted his findings on his tumblr page. What Reeve found was that by signing into the app through a Google account, players are unknowingly giving Pokemon GO unrestricted access to all email, all Google Drive documents, any private photos stored in Google Photos, and a player’s entire search history.


Reeve is quick to point out that this is probably the result of carelessness rather some nefarious scheme by Niantic to harvest player data. However, while this is still a huge security risk for any Pokemon GO player who signs in through Google on iOS, the issue doesn’t appear on Android. This is just the latest in a string of problems that has been plaguing Pokemon GO, which has drawn some negative press for reports of criminals using the app to rob players. But if players learn that their virtual security is also at risk, Niantic may have a major PR problem on its hands.

Despite these problems, Pokemon GO’s massive popularity doesn’t look like it’s going anywhere soon if Nintendo’s soaring stock value’s are any indication. But with the huge popularity of the app, Niantic should probably put more effort into ensuring that its players are safe both online and in the real world.

Should players trust Niantic with access to their Google services?

Pokemon GO is available for iOS and android devices in select regions.

Source – Gamespot