Pokemon GO - it's wildly popular, and it's also the source of more than a few conspiracy theories, a lot of them all pointing first and foremost at privacy concerns including that pesky full Google account access issue (which has since been limited). However, there was a risk of people being able to log in as Pokemon GO users if their "security token" was exchanged for a certain thing.
Millions of people have downloaded "Pokemon Go" since it hit app stores last week, and people are taking to the streets in their hunt for Pokemon.
Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. At the Associated Press bureau in Los Angeles, an outdated reference to a statue no longer on the property beckons Pokemon players in from the street.
Pokémon Go is letting its users find and catch Pokémon through, according to the Independent - and gamers love it. Now, less than 24 hours after Niantic made that promise, the update is live, and limits asked-for info to just "Know who you are on Google" and "View your email address". They neither need nor want all that power and merely have your basic information from Google: your User ID and your email address. As in the case of the compromised Pokemon GO APK we analyzed, the potential exists for attackers to completely compromise a mobile device.
Of course, the popularity of Pokemon GO represents other security risks.
Shares of Japanese videogame giant Nintendo have recorded a huge jump of 56.65 per cent at the Tokyo Stock Exchange since Thursday last week, following the success of its recently released smartphone game Pokemon Go. Is Pokemon Go a fad, or will it continue to dominate for some time?