Short Bytes: Nintendo’s insanely popular augmented reality mobile game Pokemon Go is a massive security risk. Surprisingly, this app has complete access to your Google account and it can make any kind of changes to the same. So, in these risky times of frequent data breaches, playing Pokemon Go isn’t worth the risk.
It’s the latest addition to the series of long running games launched by Nintendo. It’s developed by Niantic–a former internal Google startup–and pretty much everyone in America is playing it.
However, there’s another side of the coin that people are choosing to ignore. Security experts have warned that the Pokemon Go players are exposing themselves to security risks by signing up using Google.
These risks have been outlined by the security researcher Adam Reeve who was “stunned” when he came to know that Pokemon Go has complete access to your Google account. To play this game, one needs to sign in using Google services or by visiting pokemon.com website. It looks like pokemon.com website is refusing to accept new sign-ups at the moment, so people are using their Google account to sign-up.
Just when you hit the Google button, you are logged in. But, you are not shown a message regarding what data this app is going to access. Here’s what it means when Pokemon Go has full access to your account:
- Pokemon Go can see and modify all information in your Google account
- Such privileges should be given to fully trusted applications only
As a result, now Nintendo and Niantic can read and send emails on your behalf, access and modify your Google Drive documents, access your search and location history, and a whole lot more.
As the best security measure, when a developer integrates the “Sign in with Google” functionality in an app, he/she specifies the permission levels that are being granted. Usually, an app just uses your Google account for simple contact information.
Even though Nintendo might not be planning to conduct a massive data theft, such permissions are dangerous in the times of frequent security breaches. The leaked data often ends up on filesharing websites, only to be used by hackers to access accounts.
At the moment, if Nintendo doesn’t make any changes to its app permissions, playing Pokemon Go is something I would like to avoid.
Update: Nintendo and Google have issued statements, promising to fix this issue very soon.
Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.
Also Read: 10 Best Android Apps And Games Of 2016