Experts say Pokemon GO is a “HUGE security risk”, iOS users may have given away full access to their Google account


Pokemon Go, the new augmented reality app has taken America by storm is set to break all records for number of app downloads.

It is yet to be officially released in Thailand, but when it does, it will almost certainly be a huge hit.

However, just a week after its release in the US, the app is at the centre of what is potentially a security nightmare for iOS users who have downloaded Pokemon Go.

Users have found that the app is granting full account access to their Google account without asking their permission.

The security flaw was found by cyber security expert Adam Reeve, who described the issue as a “huge security risk” and revealed that anyone who has signed up to the app using their Google account on either an iPad or iPhone is affected.

Despite its own recent security woes, Android users are not thought to be impacted by this particular security flaw.

According to Reeve, Niantic, the developers of the app, have “no need” to access this data “When a developer sets up the ‘Sign in with Google’ functionality they specify what level of access they want – best practices and simple logic dictate you ask for the minimum you actually need, which is usually just simple contact information,” he wrote in a blog post.

“I obviously don’t think Niantic are planning some global personal information heist. This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies. I don’t know how well they will guard this awesome new power they’ve granted themselves, and frankly I don’t trust them at all.”

Further tests by ZDNet revealed that the Pokemon Go app does not ask for permission for access this amount of data and instead jumps straight to the app’s T&C’s which do not mention anything about levels of access the app requires.

On its support page, Google warns that any app that is given ‘full account access’ enables developers to “see and modify nearly all the information in your Google account”. This means all you emails, search history, Google calendar info, photos and anything you have stored in Google Drive.

Since making his initial findings, Reeve has posted that Niantic have contacted him to confirm they are aware the situation and are working to resolve it.

Pokemon Go was released just over a week ago in the United States but has already proved hugely popular.

At the time of publishing the app already had more Android downloads in the United States than Tinder, with users spending more time playing the game than on Instagram, Facebook, Whatsapp and Snapchat, according to latest figures from web analytics firm Similarweb.

Unable to keep up with demand and in a bid to stops its servers from crashing, developers Niantic had to delay the release of the game in South America, UK and Europe. The company has said the game should be released in the Europe, the UK and Japan “in a couple of days”.

No word yet on the official Thailand release, although some users may be able to download the game by following the steps here.


Comments are closed.