- FBI raided millionaire YouTuber’s home, allegedly took everything Thursday 6:55 PM
- A fake Labour party website is spreading disinformation in Britain Thursday 6:16 PM
- Twitter bans cricket club for posting ISIS content in apparent hack Thursday 6:12 PM
- This dad remade his daughter’s NSFW photo—and people are loving it Thursday 5:51 PM
- Teen allegedly posted ‘slave for sale’ Craigslist ad featuring his Black classmate Thursday 5:28 PM
- People are crushed that this teen love story might be a TikTok ‘joke’ Thursday 4:50 PM
- Is Jacob Wohl evading his Twitter ban with Jack Burkman’s account? Thursday 2:06 PM
- Biden’s most perplexing debate answers, explained Thursday 2:03 PM
- How to stream Colts vs. Texans on Thursday Night Football Thursday 12:52 PM
- Netflix drops ‘A Christmas Prince: The Royal Baby’ trailer Thursday 12:43 PM
- Uber says it will audio-record rides to address safety concerns Thursday 12:41 PM
- ‘Avengers: Endgame’ writers go in-depth on how they decided which superheroes lived and died Thursday 12:22 PM
- How to watch Duke vs. Cal in the 2K Empire classic Thursday 12:09 PM
- Trump’s impeachment notes get riffed into punk songs Thursday 12:01 PM
- Pete Buttigieg can’t do the Pete Buttigieg dance Thursday 11:55 AM
When they say you gotta catch ’em all, Pokémon Go‘s developers may have meant catching complete control of every user’s entire Google account—largely in secret, without letting users know up front exactly what the app can do.
Today’s most popular mobile game lets users login through their Google accounts, but it fails to specify how Pokémon Go and Niantic, the company that’s working with Nintendo to develop the game, are going to use that account. The answer, researcher Adam Reeve reported, is that Pokémon Go can do almost anything with your account.
The app can read your email, send email as you, access your Google Drive, read your Google Search and Maps history, and look at private photos. All of that comes without any specific notification to you about how much of your data they’re opening up.
Furthermore, a users’ Google’s Connected Apps page doesn’t list Pokémon Go, so users can’t figure it out through that avenue either.
“Now, I obviously don’t think Niantic are planning some global personal information heist,” Reeve wrote. “This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies.”
Niantic Labs was owned by Google until late 2015.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.