Pokémon Go as a Security Lesson

Supposedly if you use Google.com to log in you inadvertently gave the app complete access to your whole Google account.

Few games have exploded in popularity the way Pokémon Go has in the last few days. And, several days after its release there was an almost equally huge explosion in the press that supposedly if you use Google.com to log in you inadvertently gave the app complete access to your whole Google account, including the ability to read your email, calendar, docs and even send emails as you.

After some further investigation and a response by Google, it appears this is not true. Or maybe it is. At this point it’s hard to tell how the software interacts with Google’s accounts. Here’s one way to solve the issue in a limited way or you can use the Facebook Login instead. Why?

This brings me to a significant security issue: ease of sign on using existing services. Most websites want you to make an account and they give you at least two ways to do it: create a new account using your email address and a fresh password, or just use Facebook to log in for you. The second one is much easier. However, if you don’t read the small print, it’s hard to know exactly what the app or website will be accessing to give you this access. To be fair, many list the specifics like name, email and a few other details about you.

In the case of Pokémon Go there are only two sign in options: Google or Facebook. People using their Google.com address may risk revealing more than they know. But, regardless of how Pokémon Go does it, using any pre-existing account to log into a new service is a bad idea. It’s a pain, but the only secure way of interacting with website and app accounts is to create a new account from scratch.

We will keep you up to date on the Pokémon Go issue, but in the meantime, create a new account or at least use the sign on service that’s less important. For me, Facebook is a much less important target than my Gmail account. I suspect you are the same.

2 Responses to “Pokémon Go as a Security Lesson”

  1. James 23 July 2016 at 4:44 pm #

    And I heard a hacking group wants to DDOS the pokemon go servers on August 1st. Interesting

  2. Peter 17 August 2016 at 10:49 am #

    Thanks for shedding some light on the security issues with Pokemon GO. Quite useful for people to refer and know about all the security concerns with the game.

Leave a Reply

Submit the word you see below: