Skip to content
Search AI Powered

Latest Stories

Coding Error In Popular Pokemon Go Game Leaves Nintendo Scrambling To Reassure Users

Coding Error In Popular Pokemon Go Game Leaves Nintendo Scrambling To Reassure Users

[DIGEST: CNN, The Guardian]

Niantic Labs, the developers of augmented reality game Pokemon Go, made emergency fixes to the game after discovering the app inadvertently had been granted full access to users’ Google accounts. The permissions appeared to affect players who signed up with their Google accounts on Apple devices. According to Google, “full access” means Pokemon Go "can see and modify nearly all information in your Google Account." This includes access to email. Nintendo of America, which owns the Pokemon brand, declined comment. Pokemon Go’s release last Thursday shattered industry records and sent Nintendo’s stock soaring. To date, the game has been downloaded on Android and Apple devices more than 5 million times.

The news sparked fears that playing the game would allow its developers to not only read and send email, but edit and delete documents in Google Drive and Google Photos and access individual browser and map histories. In a statement Monday night, Niantic assured users it only sought minimal information, specifically a user’s unique player ID and email address and that it was working to reduce the user permissions required to play the smartphone game. The company admitted, however, that “the Pokemon Go account creation process on iOS erroneously requests full access."

Credit: Source.

It does not appear Niantic intentionally sought access to users’ personal data––Ingress, Niantic’s other augmented reality game, only requests minimal information from its users––but the company uses an outdated version of Google’s shared sign-on service. This approach is favored by app developers because it makes sign-up quicker and easier for players. It negates the need to create another online account using credentials already stored on their phones. Ideally, shared sign-ons should ask the user what permissions they want to grant the app. In this case, the permission-granting step was skipped because Niantic used an unsupported and out-of-date version of the sign-on process. This error then prompted Google to default to warning users that Pokemon Go had “full access” to their accounts.

It is difficult to ascertain just how much of the blame for the security scare can be apportioned between both parties, but it appears Google may have presented

the limited permissions granted as full access. “Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access,” Niantic said. “Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”

Adam Reeve, a computer security expert at cybersecurity firm RedOwl, claimed he discovered the security vulnerability. In a blog post written Monday, Reeve said, "This is probably just the result of epic carelessness. I don't know how well they will guard this awesome new power they've granted themselves... I really wish I could play, it looks like great fun, but there's no way it's worth the risk." Mark Nunnikhoven, a computer security expert with cyber security firm Trend Micro, echoed Reeve’s concerns. "A game shouldn't require this amount of access to your data,” he said.

Credit: Source.

However, fellow cyber security expert and Trail of Bits CEO Dan Guido cast doubt on Reeve’s claim after reaching out to Google tech support. Google assured him that “full account access” does not mean a third party can read or send email, let alone access files. In a statement, Google said that “In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say "Has access to Gmail").” Reeve has since backtracked on his claim, saying he wasn’t “100 percent sure” his blog post was true. Reeve, a former senior engineering manager at Tumblr, admitted he had never built an application that uses Google account permissions and had never tested the claims he makes in his blog post.

More from News

A woman looking at a group of people on a sidewalk
woman standing in the middle of crowd
Photo by Jason W on Unsplash

People Break Down The Most Bizarre Coincidences They Have Ever Experienced

There are those who go through life believing everything happens for a reason, that our destinies are all planned out by a power bigger than us, and our lives are ultimately driven by fate.

Then there are others who don't believe that one bit, and chalk up anything others might call "fate" or "destiny" to merely being a coincidence.

Keep ReadingShow less
Janet Jackson
Gilbert Carrasquillo/GC Images/GettyImages

Janet Jackson Hilariously Explains Why She Hates Being Interviewed—And We Totally Get It

Pop icon and actor Janet Jackson had a very candid response to being asked an interview question, and the internet didn't hate her for it.

The "Rhythm Nation" singer continues to perform since establishing herself early in the 1980s as an artistic force to be reckoned with in her own right, independent of her family's musical legacy.

Keep ReadingShow less
Screenshot of 'Family Feud' episode
'Family Feud'

'Celebrity Family Feud' Question About Greatest Rapper Of All Time Sparks Intense Debate

People online were shocked by answers during recent episode of Celebrity Family Feud, and honestly, their arguments were more than valid.

Celebrity contestants Tori Kelly and Meghan Trainor, along with their families, struggled to fill the board housing survey results of the "greatest rapper of all time"... but it wasn't completely their fault.

Keep ReadingShow less
Lauren Boebert; Donald Trump; Kamala Harris
Nathan Howard/Getty Images; Saul Loeb/AFP via Getty Images; Al Drago/Getty Images

Boebert Swiftly Fact-Checked After Using Old Trump Donation To Harris To Prove He Isn't Racist'

Colorado Republican Representative Lauren Boebert was swiftly fact-checked after using a $5,000 check former President Donald Trump once wrote to support Vice President Kamala Harris' re-election campaign as Attorney General of California as proof he can't be racist.

Boebert's action came after President Joe Biden dropped out of the 2024 race and endorsed Harris. At 81, Biden faced increasing concerns within his party about his age and capacity to serve another term, along with fears of a potential loss to former President Donald Trump—who is 78—in November.

Keep ReadingShow less
Screenshots of Donald Trump and Kamala Harris

2019 Kamala Harris Ad Explains Why She Is 'The Anti-Trump'—And People Can't Believe How Perfect It Is

A 2019 Kamala Harris for President ad that points out that she "prosecuted sex predators" and that former President Donald Trump "is one" has resurfaced after President Joe Biden dropped out of the 2024 race and endorsed Harris as his successor.

The video, which refers to Harris as the "anti-Trump," was originally produced during Harris’ bid for the 2020 Democratic nomination, highlights her accomplishments as a prosecutor—and demonstrates that Trump is exactly the type of person she would have prosecuted for his sex crimes.

Keep ReadingShow less