- Who is Corn Pop? Here are all the theories about the gang leader from Joe Biden’s past Sunday 4:37 PM
- Fresh sexual misconduct allegations against Kavanaugh spur calls for impeachment Sunday 3:28 PM
- Mike Pence says a triple crown winning racehorse bit him Sunday 12:51 PM
- Disney CEO Bob Iger leaves Apple board amid streaming wars Sunday 12:01 PM
- Influencer Destiny Marquez faces backlash for berating Forever 21 employee Sunday 10:32 AM
- Chelsea Handler tackles system racism in ‘Hello Privilege. It’s Me, Chelsea’ Sunday 9:18 AM
- Gun control proposal: Trump, lawmakers considering background check-conducting app Sunday 9:05 AM
- How to stream Browns vs. Jets on Monday Night Football Sunday 7:00 AM
- What are anons? Sunday 6:30 AM
- How to stream Eagles vs. Falcons on Sunday Night Football Sunday 6:00 AM
- How to stream ‘Power’ season 6, episode 4 Sunday 5:00 AM
- How to stream WWE’s Clash of Champions 2019 Saturday 8:00 PM
- How ‘F*ck off Scotland’ became a Scottish rallying cry amid Brexit madness Saturday 6:28 PM
- A Missouri officer resigned after his Islamophobic Facebook posts surfaced Saturday 5:08 PM
- Adding ‘Triggered’ to stock photos of white men creates Netflix comedy special thumbnails Saturday 3:10 PM
When they say you gotta catch ’em all, Pokémon Go‘s developers may have meant catching complete control of every user’s entire Google account—largely in secret, without letting users know up front exactly what the app can do.
Today’s most popular mobile game lets users login through their Google accounts, but it fails to specify how Pokémon Go and Niantic, the company that’s working with Nintendo to develop the game, are going to use that account. The answer, researcher Adam Reeve reported, is that Pokémon Go can do almost anything with your account.
The app can read your email, send email as you, access your Google Drive, read your Google Search and Maps history, and look at private photos. All of that comes without any specific notification to you about how much of your data they’re opening up.
Furthermore, a users’ Google’s Connected Apps page doesn’t list Pokémon Go, so users can’t figure it out through that avenue either.
“Now, I obviously don’t think Niantic are planning some global personal information heist,” Reeve wrote. “This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies.”
Niantic Labs was owned by Google until late 2015.
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.