>

Pokémon GO for iOS is a Huge Security Risk According to Researcher

#

Nintendo’s Pokémon GO was incredibly well received all over the world, making a fortune for the company as Nintendo’s market value went through the roof. The immense popularity of the game also caught hackers attention and yesterday I wrote an article warning you about malicious 3rd party websites that may install DroidJack malware on your Android running smartphone when downloading compromised versions of the Pokémon GO.

Today’s piece of news is about a huge security risk with regard to the iOS (and possibly Android) version of the Pokémon GO. The problem is related to privacy concerns about the official Pokémon GO app according to Adam Reeve, an internet security expert, who described the game as “malware” due to the fact that upon installation, it grants itself full access over your Google account. When you’re signing into the Pokémon GO application using your iPad/iPhone via your Google account, the game grants itself full access and that means it can see and/or modify basically all the info in your Google Account.

For example, it can send emails in your behalf, read all your emails, access your private photos, access/delete your Google Drive data, look at your internet search history and so on and so forth.  However, the good news is that according to Google’s support page, an app granted with full access over your Google Account can’t pay with Google Wallet on your behalf nor change your password/delete the account.

Niantic, the game developer behind Pokémon GO released an official statement in which they claimed they never intended to get total control over users Google accounts and the app only accesses basic profile information data. Currently, Niantic is actively working on a fix/patch for downgrading the app’s permissions level, let me quote:

“Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access.”

Until the fix is in sort to speak, you can revoke Pokémon GO’s full access to your Google account by yourself by visiting Google account permission page. Look out for Pokémon GO, select Pokémon GO Release and click the REMOVE button.

 

Source