Feedback
Tech

Security Fail in Pokemon Go Means It Could ‘Pikachu’

'Pokemon Go' Craze Raises Concerns Over Personal Info Privacy 1:55

Pokemon Go, the virtual scavenger hunt that is raising Vitamin D levels across the country, has so far lured players into armed robberies, led to the discovery of a dead body, and resulted in a host of injuries as gamers wipe out while glued to their smartphones in search of animated avatars hidden in real world locations.

But now another danger has come to light — some players may have unwittingly given the game's developers access to everything on their Google account, from documents and photos to email messages and search history, and even items stored their cloud.

Due to the game's massive popularity — with an estimated 7.5 million downloads — some players chose to circumvent the official sign-up on the (overloaded) Pokemon Trainer Club website and joined via their Google accounts instead. However, due to a coding glitch, doing so on an iOS device results in giving the app "full access" to the gamer's account, meaning "the application can see and modify all information" contained therein.

In a statement posted on its website, the game's developer, San Francisco-based Niantic — incubated at Google but then spun out when Alphabet was created — acknowledged the loophole but refuted any privacy concerns, saying, "Pokemon Go only accesses basic Google profile information (specifically, your user ID and email address) and no other Google account information is or has been accessed or collected."

"Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information," it said. "Google has verified that no other information has been received or accessed by Pokemon Go or Niantic."

The company is working on a patch, it noted, saying that permissions will "soon" be reduced to "only the basic profile data that Pokemon Go needs."

To fix the issue ahead of Niantic's update, Pokemon Go users should go to their "My Account" Google page, navigate to "Connected Apps and Sites," then select "Manage Apps." From there, click on the Pokemon app, and select "Remove Access."

Additionally, gamer safety can be assured via the use of sunscreen, wide-brimmed hats, and sensible shoes.