The augmented reality game ‘Pokemon Go’ may have a security risk in the app.
According to Fortune magazine, a potential security vulnerability exists for players who used their Google account to sign up for the game. Adam Reeve, a principal architect at RedOwl, a cybersecurity startup, wrote in a blog post about the risks.
What to know before you sign up for ‘Pokemon Go’
The risk appears to only affect iOS users who sign into Pokemon Go with their Google credentials. Reeve wrote about the issue on his blog:
‘To play the game you need an account. Weirdly, Niantic [Labs] won’t let you just create one – you need to sign in with an existing account from one of two services – the pokemon.com website or Google. Now the Pokemon site is for some reason not accepting new signups right now so if you’re not already registered there you’ll need to use a Google account – and that’s where the fun begins.
‘I started the game, hit the Google button, and was redirected to log in. Normally you’d see a little message saying what data the app is going to be able to access – something like “This app will be able to view your email address and name”. For some reason that’s not shown in this case, but I went ahead and logged in anyway. Then on a whim I went to see which permissions it was granted (you can see for your own account right here). To say I was a little stunned is putting it lightly – it said: ‘Pokemon Go has full access to your Google account.’ (Read the rest from his blog here.)
CNET provided a fix for the issue as well as a note from Niantic indicating that the company is addressing the issue.
Read more: How to see everything Google knows about you