Skip to content
Search AI Powered

Latest Stories

Coding Error In Popular Pokemon Go Game Leaves Nintendo Scrambling To Reassure Users

Coding Error In Popular Pokemon Go Game Leaves Nintendo Scrambling To Reassure Users

[DIGEST: CNN, The Guardian]

Niantic Labs, the developers of augmented reality game Pokemon Go, made emergency fixes to the game after discovering the app inadvertently had been granted full access to users’ Google accounts. The permissions appeared to affect players who signed up with their Google accounts on Apple devices. According to Google, “full access” means Pokemon Go "can see and modify nearly all information in your Google Account." This includes access to email. Nintendo of America, which owns the Pokemon brand, declined comment. Pokemon Go’s release last Thursday shattered industry records and sent Nintendo’s stock soaring. To date, the game has been downloaded on Android and Apple devices more than 5 million times.


The news sparked fears that playing the game would allow its developers to not only read and send email, but edit and delete documents in Google Drive and Google Photos and access individual browser and map histories. In a statement Monday night, Niantic assured users it only sought minimal information, specifically a user’s unique player ID and email address and that it was working to reduce the user permissions required to play the smartphone game. The company admitted, however, that “the Pokemon Go account creation process on iOS erroneously requests full access."

Credit: Source.

It does not appear Niantic intentionally sought access to users’ personal data––Ingress, Niantic’s other augmented reality game, only requests minimal information from its users––but the company uses an outdated version of Google’s shared sign-on service. This approach is favored by app developers because it makes sign-up quicker and easier for players. It negates the need to create another online account using credentials already stored on their phones. Ideally, shared sign-ons should ask the user what permissions they want to grant the app. In this case, the permission-granting step was skipped because Niantic used an unsupported and out-of-date version of the sign-on process. This error then prompted Google to default to warning users that Pokemon Go had “full access” to their accounts.

It is difficult to ascertain just how much of the blame for the security scare can be apportioned between both parties, but it appears Google may have presented

the limited permissions granted as full access. “Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access,” Niantic said. “Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”

Adam Reeve, a computer security expert at cybersecurity firm RedOwl, claimed he discovered the security vulnerability. In a blog post written Monday, Reeve said, "This is probably just the result of epic carelessness. I don't know how well they will guard this awesome new power they've granted themselves... I really wish I could play, it looks like great fun, but there's no way it's worth the risk." Mark Nunnikhoven, a computer security expert with cyber security firm Trend Micro, echoed Reeve’s concerns. "A game shouldn't require this amount of access to your data,” he said.

Credit: Source.

However, fellow cyber security expert and Trail of Bits CEO Dan Guido cast doubt on Reeve’s claim after reaching out to Google tech support. Google assured him that “full account access” does not mean a third party can read or send email, let alone access files. In a statement, Google said that “In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say "Has access to Gmail").” Reeve has since backtracked on his claim, saying he wasn’t “100 percent sure” his blog post was true. Reeve, a former senior engineering manager at Tumblr, admitted he had never built an application that uses Google account permissions and had never tested the claims he makes in his blog post.

More from News

JD Vance; Jen Psaki
Johannes Simon/Getty Images; Kevin Dietsch/Getty Images

Vance Gets Brutal Reminder After Accusing Jen Psaki Of 'Attacking' People For Praying Following School Shooting

Vice President JD Vance was criticized after he lashed out at MSNBC host Jen Psaki for saying that "prayer is not freaking enough" to end school shootings after a shooter killed two children and wounded 17 others during the first week of classes at Annunciation Catholic School in Minneapolis.

Psaki spoke out on X shortly after the shooting occured, to stress that "thoughts and prayers" don't actually address or prevent mass shootings and gun violence overall:

Keep ReadingShow less
Screenshots from @andydouglas.trumpboy's TikTok video; President Donald Trump
@andydouglas.trumpboy/TikTok; Andrew Harnik/Getty Images

Video Of Little Boy Sobbing After Finding Out Trump Is A Real Person Goes Viral—And We Totally Get It

Whether it was Santa Claus, the Tooth Fairy, or some other important facet of childhood, most of us found out when we were kids that something we loved did not exist, and it was absolutely devastating and world-changing.

But imagine there being something that you deeply disliked or feared, only for you to find out that it actually exists on the same plane and in the same timeline as you.

Keep ReadingShow less
Screenshots from @originalsugarphly's TikTok video
@originalsugarphly/TikTok

Woman Stunned After Best Friend Of 23 Years Ends Friendship Over Her 'Mom Shorts'

We will all have friends who come into our lives for a reason, for a season, or for a lifetime. There are those situational friendships, like from work or school, that dissolve when we exit that space, and there are friendships that might form from knowing the same people.

Then there are those tried-and-true friendships that we think will truly stand the test of time—but even those sometimes fracture under pressure. And sometimes for the most ridiculous reasons.

Keep ReadingShow less
Screenshots from @nurse_xtina129's TikTok
@nurse_xtina129/TikTok

Woman Sparks Debate By Putting Out Small Fire At Dunkin' Donuts After Workers Ignored It

Imagine hitting that afternoon slump and seeking out your favorite caffeinated beverage: a highlight in an otherwise dumpster fire kind of day. But then you arrive at your coffeehouse of choice—and there's literally a fire.

TikToker Cristina Conklin was waiting in line for a beverage at Dunkin' Donuts in Warwick, New York, when she became either a villain or a hero, depending on who was watching her TikTok video.

Keep ReadingShow less
Screenshots from David Dickson's TikTok videos
@new.beginnings639/TikTok

56-Year-Old Man Leaves The Internet In Shock After Showing Off His Mexican Facelift

Between constant conversations about generations not looking their age, and a resurgence of "skinnytok" and "beautytok," there's this renewed pressure for everyone to look their best, for them to refresh their look, and most importantly, to look a decade younger than they actually are.

Stories have been circulating about Americans going to Mexico, specifically Guadalajara, in search of quality and affordable plastic surgery to give them a fresh look, but patients are walking away looking much younger than you might expect.

Keep ReadingShow less