Pokemon: GO IOS version is not good: it is a Privacy nightmare.
38 replies, posted
[URL="http://http://arstechnica.com/gaming/2016/07/pokemon-go-on-ios-gets-full-access-to-your-google-account/"]http://http://arstechnica.com/gaming/2016/07/pokemon-go-on-ios-gets-full-access-to-your-google-account/[/URL]
[QUOTE]A word of warning if you're playing Pokémon Go on iOS: signing into the app through Google currently gives the game full access to your Google account (hat tip to Adam Reeve for discovering the issue). External apps that you sign into with Google often ask for a small subset of permissions based on what they need to do—view your contacts, view and send e-mail, view and delete Google Drive documents, and so on. But Niantic's Pokémon Go iOS app doesn't ask, and with full account access, it can theoretically do all of those things and more. You can check on and revoke permissions for Pokémon Go and any other external app on this page.[/QUOTE]
Check your permissions on the IOS version.
Even if it has access, I 100% doubt that it will use it for anything more than what it already does.
Probably just a coding bug or a developer just trying to set people off for a laugh.
[QUOTE=MaximLaHaxim;50692719]Even if it has access, I 100% doubt that it will use it for anything.
Probably just a coding bug or a developer just trying to set people off for a laugh.[/QUOTE]
Security isn't about what does or doesn't happen, it's about what [I]could[/I] happen.
[QUOTE=unrezt;50692723]Security isn't about what does or doesn't happen, it's about what [I]could[/I] happen.[/QUOTE]
basically as long as there is code in there that has access to everything, hackers could grab it, same problem with the Internet of things.
pretty big security flaw, and pretty interesting as the same developers made it and i'm guessing android doesn't have this problem
[QUOTE=unrezt;50692723]Security isn't about what does or doesn't happen, it's about what [I]could[/I] happen.[/QUOTE]
Oh come on, Nintendo and Niantic would never allow this info to be abused. It's just not them. Unless a dumb developer tried to use it to hack into people's accounts-- but even then, could you really blame Nintendo and Niantic for that?
[QUOTE=MaximLaHaxim;50692741]Oh come on, Nintendo and Niantic would never allow this info to be abused. It's just not them. Unless a dumb developer tried to use it to hack into people's accounts-- but even then, could you really blame Nintendo and Niantic for that?[/QUOTE]
Check the privacy policy...
[QUOTE=OmniConsUme;50692750]Check the privacy policy...[/QUOTE]
I'm not saying they should leave it as is. Of course I think they need to change it so they don't contradict their policies. I'm saying that this is no big security concern, and if it was Nintendo and Niantic wouldn't be to blame, some dumb dev would be. They'll change it back and everything will be fine.
[QUOTE=Octopod;50692737]pretty big security flaw, and pretty interesting as the same developers made it and i'm guessing android doesn't have this problem[/QUOTE]
we don't know if the Android version has it, could a person who have the android version check permissions.
[QUOTE=MaximLaHaxim;50692741]Oh come on, Nintendo and Niantic would never allow this info to be abused. It's just not them. Unless a dumb developer tried to use it to hack into people's accounts-- but even then, could you really blame Nintendo and Niantic for that?[/QUOTE]
If someone abused their poor implementation of permissions on their app then it is their fault
[QUOTE=Saxon;50692774]If someone abused their poor implementation of permissions on their app then it is their fault[/QUOTE]
It is not the company's fault imo, it's the shitty dev's fault.
I would say this is probably a mistake, because the android version does not have this problem- regardless, this is pretty shitty. Apparently you can just revoke that access right now, though, so if you have the IOS version go to security dot google dot com and do just that.
Reminder that Niantic Labs is part of Google, not some randomass startup nobody's ever heard of out of some former Soviet Bloc state.
[QUOTE=OmniConsUme;50692764]we don't know if the Android version has it, could a person who have the android version check permissions.[/QUOTE]
as far as phone permissions, it's fine, but i'm not sure what google account permissions it's using
basically with the way google sign-ins work, you already gave whatever permissions to pokemon go as soon as you finish signing in. though i'm pretty sure it was supposed to tell you what permissions first.
[editline]11th July 2016[/editline]
[QUOTE=MaximLaHaxim;50692777]It is not the company's fault imo, it's the shitty dev's fault.[/QUOTE]
it would be the entire dev team's fault
[QUOTE=elixwhitetail;50692814]Reminder that Niantic Labs is part of Google, not some randomass startup nobody's ever heard of out of some former Soviet Bloc state.[/QUOTE]
Except they are not anymore
[url]http://www.theverge.com/2015/8/12/9145693/niantic-labs-leaves-google-independent-ingress[/url]
Since Google, Nintendo and the Pokemon Company have poured millions into the growth of the studio i doubt they will let this issue flpat arpund for long.
You can remove the permissions from ypur permissions manager by the way in your google account.
[editline]11th July 2016[/editline]
[QUOTE=GetGrenade;50692926]Except they are not anymore
[url]http://www.theverge.com/2015/8/12/9145693/niantic-labs-leaves-google-independent-ingress[/url][/QUOTE]
They might not be anymore but they got tight roots into Google, they basically invested into the company making them partial owner of niantic
[QUOTE=darth-veger;50692943]Since Google, Nintendo and the Pokemon Company have poured millions into the growth of the studio i doubt they will let this issue flpat arpund for long.
You can remove the permissions from ypur permissions manager by the way in your google account.
[/QUOTE]
Doesn't it fuck with your game if you remove it though? I don't wanna lose my pokeymons :frown:
Then its a damn good thing I didn't grab GO when it first dropped.
I'll probably wait until this gets addressed and the game gets updated.
good thing I use throwaway gmail accounts for phone applications.
too many paranoid people in this thread
[QUOTE=Mio Akiyama;50693502]too many paranoid people in this thread[/QUOTE]
Complaining about unnecessary permissions=paranoid? I think its just common sense. Like don't give your brother your safe key when he just has to watch the cat.
as far as i'm aware, it's because the granular login available on android for google accounts isn't available on iOS
[QUOTE=BANNED USER;50693451]good thing I use throwaway gmail accounts for phone applications.[/QUOTE]
good thing all my google accounts are throwaway accounts
[QUOTE=GetGrenade;50692926]Except they are not anymore
[url]http://www.theverge.com/2015/8/12/9145693/niantic-labs-leaves-google-independent-ingress[/url][/QUOTE]
Huh, I forgot about that, and it'd explain why their logo changed.
However the likelihood that they'd do anything to get into Google's bad graces at this point is diminishingly small because they are [I]entirely[/I] reliant on Google services.
wow look i was right
[url]https://www.engadget.com/2016/07/11/pokemon-go-on-ios-is-digging-deep-into-linked-google-accounts/[/url]
[quote]We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go's permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.[/quote]
Also, Niantic, the company responsible, is [URL="https://en.wikipedia.org/wiki/Niantic,_Inc."]affiliated with (or even owned by) Google.[/URL] Google put money investments into Niantic along with Nintendo and the Pokemon Company, so they're on board with this. (Wikipedia page has citations)
[QUOTE=MasterKade;50694502]Also, Niantic, the company responsible, is [URL="https://en.wikipedia.org/wiki/Niantic,_Inc."]affiliated with (or even owned by) Google.[/URL] Google put money investments into Niantic along with Nintendo and the Pokemon Company, so they're on board with this. (Wikipedia page has citations)[/QUOTE]
i assume you didn't read the thread you posted in.
and a company investing in another doesn't necessarily have any control over said company
The windows phone app actually has the greatest security because it doesn't exist.
[QUOTE=OmniConsUme;50692764]we don't know if the Android version has it, could a person who have the android version check permissions.[/QUOTE]
[Media]http://imgur.com/a/d56I0[/media]
I disabled contacts and it doesn't seem to have affected anything after I've logged in.
[QUOTE=Del91;50695199]
I disabled contacts and it doesn't seem to have affected anything after I've logged in.[/QUOTE]
the account on device I assume is just so it can ask to use the google account that your device may contain (as goes with youtube and other google applications, as you can have multiple accounts on the device)
I assume after login, user data is stored in save data
won't need it again until you log out of the game. Theory at least
Sorry, you need to Log In to post a reply to this thread.