Niantic Fixes Pokemon Go’s Intrusive Google Access for iOS

As of an update released on Tuesday, the unrestricted Pokémon Go Google access flaw has been patched for iOS users. The hottest mobile game of the year had been called-out for exposing users to a major security flaw during its sign-up process—one that, on the surface, granted the app full access to Google account information, including, potentially, email, photos, and more. 

Though passwords & Google Wallet credit cards were safe from Pokémon Go and its creators, Niantic, basically everything else was seemingly up-for-grabs should the company fall victim to a breach. To make matters worse, nothing during sign-up indicated that users were giving Niantic full-access.

Problem was, none of this was even true: as Ari Rubinstein of Slack security discovered, Pokémon Go never had full access to anyone’s Google account in the first place. It was all the result of an out-of-date API, and an incorrect message displayed on Google’s end.

Regardless of the confusion, no part of this was nefarious in nature, and Niantic isn’t bothering with explanations. Instead, the company has released an update for iOS users (the only ones apparently impacted), available now.

Since its release last week, more than 7.5 million have downloaded Pokémon Go, which has stayed atop the App Store free chart. Nintendo, which owns 1/3 of the franchise, has seen their market value increase by over $7 billion in just two days due to the game’s release.


4 Pingbacks/Trackbacks