Pokemon Go is a 'huge security risk'
In case you haven't noticed yet, this year's biggest gaming craze is sweeping the nation!
Armed with smartphones, scores of gamers are now roaming the streets, hoping to find and catch little mythical creatures that seem to inhabit the nooks and crannies of the real world.
We're talking about Pokémon Go, of course - the new gaming app from Niantic Labs, which takes Nintendo's massively popular Pokemon video game out to the physical world.
Using your phone's GPS location tracking, Google Maps data, gyroscope and your camera, Pokémon Go generates virtual creatures around your real world space, superimposing them on your phone's camera viewfinder via augmented reality technology. The object of the game is to find and collect as many of these Pokémon creatures and amass "experience points" to make them stronger.
The game is largely unchanged from the old and current console Pokémon games, but now has a modern twist. Players must now physically travel around to track down and capture the virtual creatures.
So how popular is Pokémon Go? Really popular. Since its release on July 6th, Pokémon Go has been downloaded more than Tinder, and is set to overtake Twitter in daily active users. Now that's huge!
It is officially a viral hit among kids, millennials and nostalgic old-timers alike. But, there have also been reports of injuries, trespassing and police warnings against the dangers of the game.
Physical dangers aside, how about the security of the app itself?
People playing Pokemon Go:
Experts are saying the game could be a big security risk, at least for now. You see Pokémon Go uses two methods to sign up. The longer method is by signing up for a Trainer Club account via the game's website. The other method is by linking your Google account to the game through the app itself.
The issue is with the "full account access" permissions granted to the iOS app upon signing up with a Google account. Allegedly, this means the developers of the game could now fully access your Google account data, including reading and sending emails on your behalf, opening and deleting your Google drive documents, viewing your private Google photos and searching data, among other things.
According to Google support, "apps with full account access can see and modify nearly all information in your Google Account (but it can't change your password, delete your account, or pay with Google Wallet on your behalf)." Full account access should only be granted to applications you fully trust, it added.
But Niantic Labs responded to the allegations by saying that Pokémon Go only accesses basic Google account information and no other type of data has been collected. It is attributing the full account access permission of the app to a technical error and is working on a client side fix to patch the problem. This is great news for Pokémon Go fans.
So if you are a Pokémon Go gamer but you are still apprehensive about these app security allegations, what should you do?
Downgrading Pokémon Go's Google account access:
If you linked your Google account, you will have to revoke permissions to the Pokémon Go app by visiting your Google account settings page. From there, click on "Connected apps & sites" under "Sign-in & Security". On the next page, click "Manage Apps" and you will see a list of your connected apps and their access level. Just click on Pokémon Go and select "Remove".
If you wish to play Pokémon Go again before Niantic officially releases the fix, you can sign up for a Pokémon Trainer Club account. Keep in mind, though, that starting a game with a new Trainer Club account will wipe your Google Account game progress.
If you happen to have an Android device, another option is to relink your Google account using the Android version of the app. This is because the full access error only affects iOS devices that are connect to a Google account.