You might have seen some security concerns about the Pokémon GO app being talked about on social media. These are very valid issues — the application can use its own webview container for login from your Google Account, and once approved it gives itself full access to all of your data.
We reached out to Niantic — which developed the Pokémon Go app. It issued a response to the media late Monday evening. ABC News was among the first to share it on Twitter — and Niantic then issue the same response to Android Central.
The statement reads thusly:
We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon GO's permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.
Original post follows:
The good(?) news is that this appears to be an iOS-only issue. On Android, the app appears to use the "right" way to log in with your Google credentials, and it doesn't ask for access to your sensitive account data. You can check for yourself right here. In fact, when we check on an account that hasn't used an iPhone to sign in, the Pokémon GO app isn't even listed as having any access. Don't be alarmed if you see the same thing.
The first concern — the webview container login page — isn't too troubling. Apple has secure methods for apps to do this sort of thing (though Google would rather the user be directed to the default web browser so the URL can be checked) and every app is vetted by Apple staff before it's published. Yes, even Apple can let something slip through, but the account authorization page is legit. We checked. And millions of users have checked.
The second concern — access to all of your Google account data — is much more troubling.
This level of access means that the publisher can see everything. According to Google:
When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can't change your password, delete your account, or pay with Google Wallet on your behalf).
Certain Google applications may be listed under full account access. For example, you might see that the Google Maps application you downloaded for your iPhone has full account access.
This "Full account access" privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet.
And more. Basically, anything you've ever done while signed in with Google, and everything you've ever saved in Drive or Photos is wide open to Niantic and the app itself.
Now we don't think Niantic or Nintendo is going to pore through your account data or look at your photos. But what happens if someone out there finds a way to hack Niantic? With access to the right database, any attacker can have a token that gives them all your "stuff." That's not good. Not good at all.
What we recommend is that you use a separate Google account if you're going to play Pokémon Go on your iPhone. Or you can decide to not play at all and delete the permissions from your Google security page.
The important thing is that you know what's going on.
We may earn a commission for purchases using our links. Learn more.
The U.S. is reportedly close to restoring Huawei’s global chip supply
According to a report from Financial Times, the U.S. Department of Commerce will soon grant licenses to chipmakers to resume the supply of components for use in Huawei’s mobile devices.
5 Chromebook trends that need to die
There's a lot of good things Chromebooks have added in the last few years, but just as there are some rumors that refuse to fade, there are a few trends in the Chromebook world that are hanging on with an unnatural grip that need to be hacked off before they drag the next generation of Chromebooks under.
Review: Xiaomi Mi 10T Pro makes the 108MP camera accessible to everyone
With the Mi 10T Pro, Xiaomi is redefining the value segment. The phone features an outstanding 108MP camera, Snapdragon 865 chipset, and a 144Hz display backed by a massive 5000mAh battery. But the standout feature is the asking price, with the Mi 10T Pro available for just ₹39,999 ($542), making it a standout value.
Spice up your smartphone or tablet with the best icon packs for Android
Being able to customize your device is fantastic as it helps to make your device even more of "your own". With the power of Android, you can use third-party launchers to add custom icon themes and these are just some of our favorites.