Beware: Pokémon Security Vulnerability Allows Access to User’s Entire Google Account
LAS VEGAS— With over 7.5 million downloads since launch on July 6, 2016, Pokémon Go is a wildly popular game but Axiom Cyber Solutions wants to warn users of the security risks of the app connected to user’s Google accounts.
Currently, the app offers the option to connect with a Pokémon Trainer Club account or a Google Account. A large percentage of users are choosing to connect with their Google account, not knowing that they are giving the app permission to their entire Google account including documents and photos to email messages and search history, and even items stored in the cloud. A patch is being worked on by the app developers to restrict the app permissions to only basic Google information and the developers insist that so far the app has only accessed basic information, there is still a risk to users.
Ahead of the patch, users can restrict access to their Google account information through their Google Account. To change the app permissions, go to “My Account” on Google (https://myaccount.google.com/) and navigate to “Connected Apps and Sites”. Select “Manage Apps” and then on the Pokémon Go app, and select “Remove Access”.
Android users must also be wary of third-party download sites that are offering malware-infected versions of the app. Security research firm Proofpoint has found a version available from a third-party site that was packaged with a remote-access Trojan (RAT) which would give a hacker full control over the phone once activated.
