Pokemon Go maker: Coding error gave company access to your emails

The makers of the widely popular smartphone app, Pokemon Go, had to make emergency fixes because the app gave the company an unprecedented level of access into users’ personal lives. 

For some users with iPhones who signed in using their Google account, the app would require “full access” which would allow the gaming company to read users’ emails.

Google settings state that “full access” means Pokemon Go “can see and modify nearly all information in your Google Account.”

Niantic, the game’s developer, acknowledged the coding “error” on Monday. In a statement late Monday night, the company said it only wanted minimal information — a person’s unique player ID and email address. However, “the Pokemon Go account creation process on iOS erroneosly requests full access.”

Niantic promised it will would not use the full access of personal information and has begun work on a fix to reduce the permission needed to play the game.

“Google will soon reduce Pokemon Go’s permission to only the basic profile data that Pokemon Go needs,” the company said.

Niantic was forced to admit the error after security experts realized the app requires such unprecedented access to a user’s Google Account.

Adam Reeve, a computer security expert, at the cybersecurity firm RedOwl, was the first to discover the error. “This is probably just the result of epic carelessness,” Reeve said in a blog post on Monday. “I don’t know how well they will guard this awesome new power they’ve granted themselves… I really wish I could play, it looks like great fun, but there’s no way it’s worth the risk.

Google settings warns users against granting this level of access on its settings page, “This ‘full account access,” privilege should on be granted to applications you fully trust.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s