Skip to main content

Pokemon Go is a huge security risk

Pokemon Go is a huge security risk


Pokemon Go is

I figured I�d post this because I don�t see anyone else talking about it and it bothers me. If you didn�t know, Pokemon Go is the latest in the long running series of games from Nintendo (although Go is actually made by a developer called Niantic). It�s also the first (I think) to run on your phone. Needless to say, it�s a huge hit. And it looks like a ton of fun - pretty much everyone I know is playing it.

But there�s a problem.

To play the game you need an account. Weirdly, Niantic won�t let you just create one - you need to sign in with an existing account from one of two services - the pokemon.com website or Google. Now the Pokemon site is for some reason not accepting new signups right now so if you�re not already registered there you�ll need to use a Google account - and that�s where the fun begins.
I started the game, hit the Google button, and was redirected to log in. Normally you�d see a little message saying what data the app is going to be able to access - something like �This app will be able to view your email address and name�. For some reason that�s not shown in this case, but I went ahead and logged in anyway. Then on a whim I went to see which permissions it was granted (you can see for your own account right here). To say I was a little stunned is putting it lightly - it said:
Pokemon Go has full access to your Google account
Here are a couple of excerpts from the Google help page about what this means:
When you grant full account access, the application can see and modify nearly all information in your Google Account
This �Full account access� privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet. 
Let me be clear - Pokemon Go and Niantic can now:
  • Read all your email
  • Send email as you
  • Access all your Google drive documents (including deleting them)
  • Look at your search history and your Maps navigation history
  • Access any private photos you may store in Google Photos
  • And a whole lot more
What�s more, given the use of email as an authentication mechanism (think �Forgot password� links) they now have a pretty good chance of gaining access to your accounts on other sites too.
And they have no need to do this - when a developer sets up the �Sign in with Google� functionality they specify what level of access they want - best practices (and simple logic) dictate you ask for the minimum you actually need, which is usually just simple contact information.
Now, I obviously don�t think Niantic are planning some global personal information heist. This is probably just the result of epic carelessness. But I don�t know anything about Niantic�s security policies. I don�t know how well they will guard this awesome new power they�ve granted themselves, and frankly I don�t trust them at all. I�ve revoked their access to my account, and deleted the app. I really wish I could play, it looks like great fun, but there�s no way it�s worth the risk.

http://adamreeve.tumblr.com/post/147120922009/pokemon-go-is-a-huge-security-risk

download file now

Labels:

Popular posts from this blog

Lightshot Easy Screen Shot Print Screen terbaru Desember 2016 versi 5 4 0 1

Lightshot Easy Screen Shot Print Screen terbaru Desember 2016 versi 5 4 0 1 Do you want to take screenshots outside of your browser? Choose the most functional Lightshot download option in order to get this opportunity. This application allows you to take screenshots directly from your desktop. Feature : Fast screenshot of selected area - Our app allows you to select any area on your desktop and take its screenshot with 2 button-clicks. Easy-to-use application - Simple interface of our app, its useful features and light weight make your work so very fast and pleasant. Share screenshots via Internet - Upload your screenshot to the server and get its short link right away. Powerful editors - You can edit screenshots instantly when taking them or later using a powerful online editor. Similar image search - Find similar images. Select any image on your screen and find dozens similar images. Various Platforms - Lightshot is available for Windows/Mac, Chrome, Firefox, IE & Opera....
Read more

SHERLOCK HOLMES THE HOUND OF BASKERVILLES O CÃO DOS BASKERVILLES DUBLADO 1959

SHERLOCK HOLMES THE HOUND OF BASKERVILLES O CÃO DOS BASKERVILLES DUBLADO 1959 DETALHES T�CNICOS DO ARQUIVO �timo filme cl�ssico com Christopher Lee para download gr�tis. Download do filme legendado, download do torrent e download da legenda em portugu�s. Veja abaixo os dados t�cnicos deste filme. FICHA T�CNICA LINK DIRETO �UDIO: PORTUGU�S LEGENDAS: SEM LEGENDAS FORMATO: AVI - MKV TAMANHO: 461Mb - 990Mb LINKS: PARTE �NICA FICHA T�CNICA BAIXAR TORRENT �UDIO: INGL�S LEGENDAS: COM OU SEM LEGENDAS FORMATO: V�RIOS SINOPSE Um mal demon�aco oculta-se no fundo dos penhascos cobertos pela n�voa dos lend�rios terrenos de ca�a na Inglaterra. Na forma de um diab�lico c�o de ca�a, ele se alimenta da carne dos herdeiros da mans�o Baskerville. Mas antes que essa besta selvagem possa cravar seus dentes no mais novo dono da propriedade, ele precisa lan�ar suas ferozes presas contra o perspicaz intelecto do mais poderoso advers�rio que ele jamais encontrou, o incompar�vel Sherlock Holmes. Mais informa��e...
Read more

How to Run Mac OS Sierra on a PC Windows 10 8 or 7 Best Method 2017

How to Run Mac OS Sierra on a PC Windows 10 8 or 7 Best Method 2017 Birsa Agricultural University Recruitment 2017� 85 Scientist, Programme Assistant Graduate Pass Govt Job Birsa Agricultural University is going to recruit fresher candidates in India for Scientist, Programme Assistant Posts. So, those candidates who are willing to work with this organization they May apply for this post. Last Date of Apply 28-August-2017. Total numbers of vacancies are 85Posts. Only those candidates are eligible who have passed Bachelor�s Degree in Agriculture or other branch of science relevant to Agriculture or equivalent/ qualification from a recognized university. Indian citizen having age in between 18 to 35 years can apply for this Birsa Agricultural University Recruitment 2017. Those who are interested in these Birsa Agricultural University jobs in India and meet with the whole eligibility criteria related to these Birsa Agricultural University job below in the same post. Read the whole arti...
Read more