Skip to content
Search AI Powered

Latest Stories

Coding Error In Popular Pokemon Go Game Leaves Nintendo Scrambling To Reassure Users

Coding Error In Popular Pokemon Go Game Leaves Nintendo Scrambling To Reassure Users
Make us preferred on Google

[DIGEST: CNN, The Guardian]

Niantic Labs, the developers of augmented reality game Pokemon Go, made emergency fixes to the game after discovering the app inadvertently had been granted full access to users’ Google accounts. The permissions appeared to affect players who signed up with their Google accounts on Apple devices. According to Google, “full access” means Pokemon Go "can see and modify nearly all information in your Google Account." This includes access to email. Nintendo of America, which owns the Pokemon brand, declined comment. Pokemon Go’s release last Thursday shattered industry records and sent Nintendo’s stock soaring. To date, the game has been downloaded on Android and Apple devices more than 5 million times.


The news sparked fears that playing the game would allow its developers to not only read and send email, but edit and delete documents in Google Drive and Google Photos and access individual browser and map histories. In a statement Monday night, Niantic assured users it only sought minimal information, specifically a user’s unique player ID and email address and that it was working to reduce the user permissions required to play the smartphone game. The company admitted, however, that “the Pokemon Go account creation process on iOS erroneously requests full access."

Credit: Source.

It does not appear Niantic intentionally sought access to users’ personal data––Ingress, Niantic’s other augmented reality game, only requests minimal information from its users––but the company uses an outdated version of Google’s shared sign-on service. This approach is favored by app developers because it makes sign-up quicker and easier for players. It negates the need to create another online account using credentials already stored on their phones. Ideally, shared sign-ons should ask the user what permissions they want to grant the app. In this case, the permission-granting step was skipped because Niantic used an unsupported and out-of-date version of the sign-on process. This error then prompted Google to default to warning users that Pokemon Go had “full access” to their accounts.

It is difficult to ascertain just how much of the blame for the security scare can be apportioned between both parties, but it appears Google may have presented

the limited permissions granted as full access. “Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access,” Niantic said. “Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”

Adam Reeve, a computer security expert at cybersecurity firm RedOwl, claimed he discovered the security vulnerability. In a blog post written Monday, Reeve said, "This is probably just the result of epic carelessness. I don't know how well they will guard this awesome new power they've granted themselves... I really wish I could play, it looks like great fun, but there's no way it's worth the risk." Mark Nunnikhoven, a computer security expert with cyber security firm Trend Micro, echoed Reeve’s concerns. "A game shouldn't require this amount of access to your data,” he said.

Credit: Source.

However, fellow cyber security expert and Trail of Bits CEO Dan Guido cast doubt on Reeve’s claim after reaching out to Google tech support. Google assured him that “full account access” does not mean a third party can read or send email, let alone access files. In a statement, Google said that “In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say "Has access to Gmail").” Reeve has since backtracked on his claim, saying he wasn’t “100 percent sure” his blog post was true. Reeve, a former senior engineering manager at Tumblr, admitted he had never built an application that uses Google account permissions and had never tested the claims he makes in his blog post.

More from News

SONY PlayStation showcases its fun scenes in home consumption at AWE2026 in Shanghai, China.
CFOTO/Future Publishing via Getty Images

Gamers Are Furiously Sounding Off After PlayStation Announces End To Physical Discs

Physical media fans just got hit with a game-over screen.

Sony announced Wednesday that it will discontinue physical PlayStation game discs starting in January 2028, a move that has already sparked backlash from gamers who aren't exactly thrilled about handing over the last remnants of ownership to digital storefronts.

Keep ReadingShow less
Michael Che and Colin Jost
ALEX EDELMAN/AFP via Getty Images

Michael Che Just Wished Colin Jost Happy Birthday With A Hilariously Brutal Post—And 'SNL' Fans Are Cackling

Perhaps no two celebrities are better at trolling each other than SNL's Michael Che and Colin Jost.

And for Jost's recent birthday, Che decided it was the perfect time to show his friend who's actually the best troll out there.

Keep ReadingShow less
Danny Glover
Gilbert Carrasquillo/GC Images/Getty Images

Fans Rally Around Danny Glover After He Reveals That He's Living With Alzheimer's Disease In Poignant New Interviews

In an appearance filmed for the TODAY show that aired on Tuesday, actor and activist Danny Glover revealed he, like over 7 million other Americans, is living with Alzheimer's disease. The progressive, fatal neurodegenerative disease causes memory loss and cognitive decline.

The veteran actor has 200 film and TV credits to his name going back almost 50 years. His theatre credits extend even further. Glover has also received several prestigious awards for his decades of humanitarian work and political activism, including the Academy of Motion Picture Arts and Sciences' Jean Hersholt Humanitarian Award in 2022.

Keep ReadingShow less
Screenshots of Marsha Blackburn from elevator video
NewsChannel 5

MAGA Senator Tries To Dodge Reporter's Questions Only To Get Thwarted By Elevator In Super Cringey Viral Video

Tennessee Republican Senator Marsha Blackburn was called out after attempting to dodge questions from journalist Ben Hall of NewsChannel 5, the CBS affiliate in Nashville, only to be thwarted by an uncooperative elevator.

Blackburn is the frontrunner in the Republican primary for Tennessee governor; early voting is less than three weeks away and Blackburn has kept a very low profile. That was true even after she just spoken to the Greater Nashville Technology Council for an event members of different media outlets had been invited to attend.

Keep ReadingShow less
Screenshot of JD Vance; Joe Biden
@atrupar/X; Scott Olson/Getty Images

JD Vance Just Tried To Make A Pitiful Joke About Biden To U.S. Troops—And It Fell Awkwardly Flat

Vice President JD Vance had people groaning after a joke he made about former President Joe Biden falling on the stairs was met with silence from those who attended an event meant to honor "American military excellence."

Vance was speaking to troops at Naval Air Station Oceana in Virginia Beach, Virginia, at one of many different events designed to honor the 250th anniversary of the founding of the United States.

Keep ReadingShow less