Pokemon-mania has taken over the world once again, years after the TV show has ended, and this time, it’s because of the recently released Pokemon Go mobile game released for Android and iOS last week.
While the game is on a limited and very slow release, millions of people are already playing and even more want to, but currently can’t.
One of the people that had the “privilege” to install the game was Adam Reeve, who noticed something strange during the sign-up process.
Pokemon Go doesn’t prompt some iOS users for permissions during sign-up
In its current form, users that want to play the game have to sign up for the app. Unfortunately, the app doesn’t allow users to create accounts but asks them to log in using their pokemon.com or Google accounts.
Because the pokemon.com website has disabled registrations, possibly due to the very large number of users flooding their servers, the only viable method for a new user to play the game is to use his Google account.
During the sign-up process, Adam noticed something strange. While authenticating the app with his Google account, he didn’t see the intermediary screen which Google usually shows detailing what type of data the app can access from the user’s Google account.
Pokemon Go gives itself full account access
After authenticating the app, regardless of the missing screen, Adam visited the “Apps connected to your account” page, where Google lists what type of data each app can access about your account.
To his immense surprise, the app had automatically received full access to his account, even if he was never prompted for such an intrusive setting.
And by full access, Google really gives an app full access. This includes the ability to read the content of emails, send emails in your name, access private Google Drive or Google Photos files, view Maps or Search history, and a whole bunch more.
“Now, I obviously don’t think Niantic [Pokemon Go developers] are planning some global personal information heist,”on his Tumblr. “This is probably just the result of epic carelessness.”
This behavior seems to be limited only for some iOS devices (not all) and does not affect Android users. Nevertheless, iOS users shouldand see what permissions they’ve granted the app, and if they’re not comfortable, they should just uninstall it.
This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.
Recommended article from FiveFilters.org: .