The recently released iPhone app Pokémon Go has taken the world by storm—with over 52,000 reviews on the App Store, and millions of users, since being released just one week ago. And while there’s tons of hype around the app, there’s also some concerns.
There were some security issues discovered by blogger Adam Reeve—which have now gone public. When signing in, users must use an existing Google account (you can’t create a new account through the app). Normally, when signing into an app on your iPhone or iPad, you’d receive a notification asking to grant permission to use features of your phone—like, “This app would like to use your camera.” When signing into Pokémon Go, however, you’re unknowingly granting full access to your Google account. This allows Niantic (the app developer) to access things like: documents in your Google Drive (including deleting them), your search history, private photos in your Google Photos app, and even the ability to read and send emails. Now, that doesn’t mean they will (and it’s highly unlikely they ever would), but it’s still concerning, nonetheless.
A statement has been released from both Nianitc and Google who acknowledge the issue and are working on a fix to change those permissions. For now, here’s a few tips to help keep you safe while playing Pokémon Go:
Create a secondary Google account that isn’t connected to your email, maps, photos, or documents. This helps ensure there’s nothing that can be accessed of any personal or private value.
Manage your account security by going to your account page on Google. From here, you can see and manage which apps you’ve approved to connect to your account, and delete the ones you don’t use—or trust—anymore.
Look for updates by opening the App Store app on your iOS device, then tapping Updates. If there’s a new update for Pokémon Go, it will be available here.
And, here’s an extra tip: Never catch Pokémon alone—always stay in groups and be aware of your surroundings. You’ll not only have a great time meeting new people who also love Pokémon (maybe even more than you), but ensures you you stay safe while adventuring outside into unknown areas.
[UPDATE] It looks like the developer has made an update available today…so go catch it! (seriously, go update it now)
The update states the new version (1.0.1) includes a fix for Google account scope (which is a clever way of saying we’re asking permission, now). This permission includes things like accessing your location while using the app, knowing who you are on Google, viewing your email address, and more.