hackernews--"Pokemon Go player has a huge security risk"

Translator Note: The original text from Hackernews, starting Tumblr, titled Pokemon Go is a huge security risk. Author Adam Reeve, with a Shang of this fat man.

 The reason I wrote this article was because I didn't see anyone else discussing it, which bothered me. Pokemon Go is the latest game by Nintendo, the famous gaming company (though its actual developer is Niantic), and it should be the first Nintendo hand tour we have played. This game now exactly how much fire, this does not need to say more, anyway is hot to not. There are few people I know who are not playing Pokemon.

However, one flaw has been overlooked by all.

 you need a game account to get into the world of wonderful frog seeds and Jenny turtles. Oddly, Niantic doesn't allow you to create a separate account, but you need to log into the game via pokemon.com or Google's account. For some reason, the Pokemon website has not allowed the new registered account now, so the new player must pass the Google account in order to log in, and this is the most notable place.  I open the game, click on the "Through Google Account" button, and then log in directly. Typically, you'll see a small print that says what permissions the app will get, like "the app will be able to get your email address and username". For a variety of reasons, when playing "Pokemon", I did not see this kind of information, but I continue to log on. After a while, I suddenly had a whim to see what permissions were authorized. As a result, I was surprised to find:

Pokemon Go gets all the permissions for my Google account!

   

on the Google help page, we can see what "app gets all permissions" means: If you grant all permissions, the app can browse and edit all the information in your Google account. It is recommended that you grant this permission only to apps that are installed on your private electronic device that you fully trust.  more bluntly, now Pokemon go and Niantic can:

• Look at all your e-mails.
• Send an email in your name
• Download or delete all files in your Google Cloud
• See where your search history and Google Maps go
• Get all the photos you've stored on Google Photos
• And doing more of your unexpected behavior.

also, as long as they want, big can go through your mailbox to enter your account on other websites, because most websites can change the password through the mailbox.  In fact, this game does not need to do so at all. As a general rule, game developers only need to use the "sign in Google" (translator note: Similar to many apps through the same login) interface to obtain the necessary information, usually a simple contact information.  I do not think that Niantic is intentionally "private information theft around the world", and it is likely to be a result of an inadvertent loss. However, because I have no idea what Niantic's security policy is, I don't know exactly how they will protect the account authority information that could have a huge impact, so I don't think I can trust them at all. I canceled all permission grants and deleted the game.  I really want to play, because it looks very interesting, but it is not fun enough to take such a big risk.    

(My personal public number: Scut_xiaoy, search ID or scan the QR code below to add attention, focus on the programmer's own growth and the new changes in the internet age)

hackernews--"Pokemon Go player has a huge security risk"