Slashdot Mirror
Pokemon Go Was Never Able To Read Your Email (gizmodo.com)
Last week a security researcher noted that Pokemon Go's iOS app -- for whatever reason -- was gleaning complete hold of one's Google account. But is that really the case? Gizmodo contacted Adam Reeve, the security researcher in question (who also happens to be a former senior engineering manager at Tumblr) to get more details on his claims, upon which Reeve, now Principal Architect at Red Owl Analytics, said he wasn't "100 percent sure" his blog was true. From the report: Cybersecurity expert and CEO of Trail of Bits Dan Guido has also cast serious doubt on Reeve's claim, saying Google tech support told him "full account access" does not mean a third party can read or send or send email, access your files or anything else Reeve claimed. It means Niantic can only read biographical information like email address and phone number.In a statement, Google tech support said:In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say "Has access to Gmail")Niantic, the company behind Pokemon Go app also assures that its app doesn't access anyone's email. Moreover, it is working with Google to ensure that only a user's profile data is accessed by the app. In a statement to Gizmodo, the company said:We recently discovered that the Pokemon GO account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokemon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokemon GO or Niantic. Google will soon reduce Pokemon GO's permission to only the basic profile data that Pokemon GO needs, and users do not need to take any actions themselves.Perhaps people should be more careful about the accusations they make.
Perhaps people should be more careful about the accusations they make.
Why?
Accusations are often all that is needed in this world to create the effect you desire. Accusations work, because people think that an accusation = "Guilty" or at least "suspicious" and that is all that is needed to trigger the "fear" response. It works, because most people don't actually THINK, don't want to think, they only care about Kardashians or Taylor Swift.
Seriously, WE (us people) should require people making accusations to start putting up or shutting up. Guilty until proven innocent sucks.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Although we request you approve "full access" we don't use it, and we promise we won't in the future...
No thank you...
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
The accusation was that the app had "full access" to google account data. Hence Slashdot's previous headline, PSA: Pokemon Go Has Full Access To Your Google Account Data
This previous story was accurate and true, because by the developers own admission,
They are fixing it, and kudos for fixing it, and they've confirmed with Google that they didn't access any additional information, but they still fucked up and have admitted they fucked up.
Go to hell