Pokemon Go Was Never Able To Read Your Email (gizmodo.com)

← Back to Stories (view on slashdot.org)

Pokemon Go Was Never Able To Read Your Email (gizmodo.com)

Posted by msmash on Tuesday July 12, 2016 @02:00AM from the setting-the-records-straight dept.

Last week a security researcher noted that Pokemon Go's iOS app -- for whatever reason -- was gleaning complete hold of one's Google account. But is that really the case? Gizmodo contacted Adam Reeve, the security researcher in question (who also happens to be a former senior engineering manager at Tumblr) to get more details on his claims, upon which Reeve, now Principal Architect at Red Owl Analytics, said he wasn't "100 percent sure" his blog was true. From the report: Cybersecurity expert and CEO of Trail of Bits Dan Guido has also cast serious doubt on Reeve's claim, saying Google tech support told him "full account access" does not mean a third party can read or send or send email, access your files or anything else Reeve claimed. It means Niantic can only read biographical information like email address and phone number.In a statement, Google tech support said:In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say "Has access to Gmail")Niantic, the company behind Pokemon Go app also assures that its app doesn't access anyone's email. Moreover, it is working with Google to ensure that only a user's profile data is accessed by the app. In a statement to Gizmodo, the company said:We recently discovered that the Pokemon GO account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokemon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokemon GO or Niantic. Google will soon reduce Pokemon GO's permission to only the basic profile data that Pokemon GO needs, and users do not need to take any actions themselves.Perhaps people should be more careful about the accusations they make.

68 of 109 comments (clear)

Min score:

Reason:

Sort:

Guilty until Proven Innocent by Archangel+Michael · 2016-07-12 02:10 · Score: 4, Insightful

Perhaps people should be more careful about the accusations they make.
Why?
Accusations are often all that is needed in this world to create the effect you desire. Accusations work, because people think that an accusation = "Guilty" or at least "suspicious" and that is all that is needed to trigger the "fear" response. It works, because most people don't actually THINK, don't want to think, they only care about Kardashians or Taylor Swift.
Seriously, WE (us people) should require people making accusations to start putting up or shutting up. Guilty until proven innocent sucks.

--
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
1. Re:Guilty until Proven Innocent by Archangel+Michael · 2016-07-12 02:33 · Score: 1
  
  Lighten up Francis.
  You poor Snowflake
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
2. Re:Guilty until Proven Innocent by zieroh · 2016-07-12 02:43 · Score: 1
  
  Except in this case, they *were* guilty and it was requesting more access than it needed; the developer flat out admitted it (in TFS no less).
  
  If you'll read the TFS more carefully, I think you'll find that what you describe was not, in fact, the main thrust of the TFS.
  
  --
  People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
Accusations vs. reality by geekmux · 2016-07-12 02:12 · Score: 2

"Perhaps people should be more careful about the accusations they make."
Uh, people should be more careful?
Ironically, while we're busy being paranoid about this app, damn near every other app installed on your phone is sucking your privacy dry.
Right or wrong, let's not pretend this accusation was birthed from sheer stupidity or an addiction to tin-foil hats. There's a damn good reason to be wary of app privacy today, as in there is no such thing.
1. Re:Accusations vs. reality by ripvlan · 2016-07-13 04:40 · Score: 1
  
  I think there are two problems with both the initial report and the fallout. First the definition of "full access" was taken and blown up by many without researching what that meant.
  The second seems to be seeking forgiveness because "yeah we asked for full permission but never used all of the potential features."
  The first is irresponsible reporting - but was solved with peer review. The second is the sorry state of security. An app that can be released requesting admin privs (remember Windows apps that wanted Full Administrator rights because it was the easy way around new Vista UAC -- and they we too lazy to call the correct APIs?) It seems this app vendor took the quick way without internally reviewing their security profile.
  And now the app is so popular that police are reminding people not to enter Private areas, "don't walk into signposts" -- and look out because criminals are using it to lure people and rob them. Yeah - there's a lot about this app that needs more review.
So, in short... by bobbied · 2016-07-12 02:12 · Score: 3, Insightful

Although we request you approve "full access" we don't use it, and we promise we won't in the future...
No thank you...

--
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
1. Re:So, in short... by _xeno_ · 2016-07-12 02:38 · Score: 2
  
  Pretty much.
  This is exactly the same as those old Windows apps that would only run as admin, even if they didn't really need admin privileges. Sure, they might not do anything particular evil with admin privileges that they don't really need.
  But only half the issue with Windows programs requiring admin access was the potential for the program itself doing something evil. Half the problem was security flaws in said programs being used by malicious third parties.
  It gets worse with games like Pokemon Go where half the game is on the server. Sure, Niantic may not be doing anything with their complete access to your Google account today. But if they get hacked in the future or if they later decide they do want to make access of that full access... what then?
  The entire reason behind granular permissions is to reduce the damage that can happen when something goes wrong.
  And there's also the point where apparently Google never asks you if you want to hand over full control of your Google account to what's now a third party.
  
  --
  You are in a maze of twisty little relative jumps, all alike.
2. Re:So, in short... by shaitand · 2016-07-12 03:51 · Score: 2
  
  I know it's a slashsin but reading the story reveals that "full account access" is full access to account profile information and nothing else. Since they are a division of google they are getting a new permission created for just the username and email address as it's all they need.
3. Re:So, in short... by thegarbz · 2016-07-12 08:06 · Score: 1
  
  Yes. I came to the same conclusion because I too have the reading comprehension skills of a 2 year old.
  Try again.
This story is garbage by mewsenews · 2016-07-12 02:13 · Score: 1, Insightful

The accusation was that the app had "full access" to google account data. Hence Slashdot's previous headline, PSA: Pokemon Go Has Full Access To Your Google Account Data
This previous story was accurate and true, because by the developers own admission,

"[Pokemon Go] erroneously requests full access permission for the user's Google account"
They are fixing it, and kudos for fixing it, and they've confirmed with Google that they didn't access any additional information, but they still fucked up and have admitted they fucked up.

Perhaps people should be more careful about the accusations they make.
Go to hell
1. Re:This story is garbage by bfpierce · 2016-07-12 02:22 · Score: 4, Insightful
  
  The problem being nobody actually understood what 'full access' through Google's API actually does, or bothered to go look it up.
  RTFM kids, you'll look a lot less stupid.
2. Re:This story is garbage by bickerdyke · 2016-07-12 02:32 · Score: 4, Informative
  
  "Did not do" is *NOT* the same as "Could not do".
  Accusation was they had access.
  They did indeed have access.
  Proofed wrong by even the summary:
  
  "full account access" does not mean a third party can read or send or send email, access your files or anything else
  
  Yes, slightly confusing,. They had "full access" but "full access" does NOT grant you access to Email, Files or any other data.
  
  The say they didn't use that access, good on them. They say they are going to reduce the access requested, great.
  The fact remains they had access whether they used it or not.
  They had access to account data, but not access to data in any service connected to that account (like email) At least that's how I read this.
  
  --
  bickerdyke
3. Re:This story is garbage by halivar · 2016-07-12 02:33 · Score: 1
  
  It's "could not", not "did not do".
  "Full access" does not include reading or sending email. Period.
4. Re:This story is garbage by NatasRevol · 2016-07-12 02:38 · Score: 2
  
  Here's what the API can do. It's undocumented, so you can't look it up:
  https://gist.github.com/arirub...
  "In summary:
  The direct token that Niantic gets can't access the gmail api / gcal api
  However, the token could potentially be exchanged through the undocumented mechanism /MergeSession to create a web session logged in as you on any google property
  I haven't seen the app try to exchange this token for an ubertoken while poking at it
  The app communicates with Niantic with encrypted blobs and theoretically could send this token to them"
  
  --
  There are two types of people in the world: Those who crave closure
5. Re:This story is garbage by Quantus347 · 2016-07-12 02:38 · Score: 4, Informative
  
  The App had more access than they needed or intended, and more than the Android equivalent. However, it did not have the capabilities that were originally reported. The original blog post that started this sh#t-storm stated that the app could things like "Read all your email, Send email as you, Access all your Google drive documents (including deleting them)[...]" none of which was ever true. The blogger further admitted he'd never actually worked with the google permissions or tested this, and was just inferring (read: being a bit of an alarmist) based on a general description from the Google help page.
  
  So yes, the iOS version of the App can do more than it needs to, and that permissions discrepancy has been added to the long list of things that need to be fixed on this still very young and rather buggy game. But No, the App could never do much of what it was being accused of doing.
  
  --
  Common Sense isn't as Common as people think...
6. Re:This story is garbage by NatasRevol · 2016-07-12 02:41 · Score: 3, Interesting
  
  It *potentially* could. And now has been documented as to how it could:
  https://gist.github.com/arirub...
  
  --
  There are two types of people in the world: Those who crave closure
7. Re:This story is garbage by mark-t · 2016-07-12 02:54 · Score: 1
  
  While it is correct that it did not do that... it *COULD* have, had it been written to do so, because it received permissions to do so, despite not using them.
  
  --
  File under 'M' for 'Manic ranting'
8. Re:This story is garbage by ljw1004 · 2016-07-12 03:04 · Score: 1
  
  The problem being nobody actually understood what 'full access' through Google's API actually does, or bothered to go look it up.
  RTFM kids, you'll look a lot less stupid.
  What is the "FM"?
  I see a lot of google OAUTH scopes listed at https://developers.google.com/.... I don't think there is a "FM" which tells us how to map the poorly-phrased UI dialog to the actual OAUTH scopes. If the UI claims to be asking for "full access", which of those scopes do you think it's asking for? All of them? Including the scope "https://www.googleapis.com/auth/gmail.modify"?
  I've not used Google OAUTH, but I have used Microsoft OAUTH where the scopes had very badly worded UIs, and I bet the same is true of Google.
  For instance, if your app requests the Microsoft scope "wl.signin | wl.offline_access" then all it technically does is let your app use a Microsoft ID to sign into the app but without giving even one iota of access to any of your account information. However the way it's presented to the user is "This app wants to sign you in automatically and access your info anytime". My users (reasonably) thought this meant that my app could access any of their account details anytime, and a portion of them declined to grant permission.
  In this Microsoft case I don't think anyone was being stupid, and no one should be expected to RTFM, and the fault lies squarely with the folks who design the UI for the Microsoft signin process. My hunch is that the same is true of Google's OAUTH too.
9. Re:This story is garbage by bws111 · 2016-07-12 03:04 · Score: 2
  
  No, it COULD NOT 'potentially' do that. Full Google account access IS NOT, and DOES NOT INCLUDE Gmail access. So it CAN NOT access your email, docs, etc, even potentially.
10. Re:This story is garbage by bws111 · 2016-07-12 03:05 · Score: 2
  
  No, it COULD NOT have been written to do that. The permissions that it received DO NOT allow access to email, etc
11. Re:This story is garbage by BronsCon · 2016-07-12 03:48 · Score: 1
  
  Similar to saying that running "cat" as root, "can not" delete your data.
  sudo cat /dev/urandom > /dev/sda
  
  Say what?
  
  It's not about the app having malicious code in it, it's about the app being exploited, like I just did with cat.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
12. Re:This story is garbage by shaitand · 2016-07-12 03:55 · Score: 1
  
  "The accusation was that the app had "full access" to google account data."
  
  Which is false. While named something like "full account access" the issue here was poor naming not improper access. The permission only granted access to the account profile information. They did not fuck up, this is currently the permission they must request to access account details such as username and email address. Because they are a Google company Google is responding by creating an entirely new more fine grained permission to access just those two items which the app will then use.
13. Re:This story is garbage by shaitand · 2016-07-12 03:58 · Score: 1
  
  "The App had more access than they needed or intended, and more than the Android equivalent."
  
  Actually as android permissions go this one was relatively reasonable just poorly named. From my understanding it gave access to your account profile details and was just very very poorly named. They are only creating a more restrictive permission because of the lashback. Honestly, I think they should have just renamed the existing permission.
14. Re:This story is garbage by Quantus347 · 2016-07-12 07:07 · Score: 1
  
  Not sure they have that freedom. This was only an issue on the iOS version, not the Android version, and Im assuming that iOS has a different relationship with Google Product permissions. And while Niantic started off as an internal Google startup project, they've since been spun off as their own entity. The change would have to be on Google's side. That being said, your are right in that all of this could have easily been avoided if Google had more accurately named the Permission level, and given a more detailed description of what it could and could not grant to a 3rd party app in it's Help/FAQ.
  
  --
  Common Sense isn't as Common as people think...
15. Re:This story is garbage by mabu · 2016-07-12 07:45 · Score: 1
  
  someone upmod this please
16. Re:This story is garbage by thegarbz · 2016-07-12 08:07 · Score: 1
  
  This previous story was accurate and true, because by the developers own admission,
  Except for the bit where someone else used the same token and confirmed that at the time the accusation made before anyone worked to change anything the story was in fact NOT true and they weren't able to access emails.
17. Re:This story is garbage by NatasRevol · 2016-07-12 14:05 · Score: 1
  
  From the github description:
  he direct token that Niantic gets can't access the gmail api / gcal api
  However, the token could potentially be exchanged through the undocumented mechanism /MergeSession to create a web session logged in as you on any google property
  So yes IT COULD.
  
  --
  There are two types of people in the world: Those who crave closure
18. Re:This story is garbage by shaitand · 2016-07-13 04:34 · Score: 1
  
  Well google is creating the new permission for them so presumably google could rename the existing permission.
Impossible! by Fire_Wraith · 2016-07-12 02:15 · Score: 1

Unfounded speculative claims? FUD and hype?
In "Cyber" Security? Inconceivable!
Re:What is this? by fustakrakich · 2016-07-12 02:18 · Score: 1

Slashdot had been forwarding a lot of false rumors over the last few weeks. It appears to be serving its purpose.

--
“He’s not deformed, he’s just drunk!”
The same company made an app that accesses it! by Pinkbunnyman · 2016-07-12 02:21 · Score: 1

I'd be careful, I mean what if this one could read your email and send it to its parent company! The same parent company who installed an app without your permission on your android phone! I believe it's called "gmail"...
1. Re:The same company made an app that accesses it! by _xeno_ · 2016-07-12 02:25 · Score: 1
  
  Niantic is no longer part of Google and hasn't been since August of last year. They split from Google and then had a fairly large investment from Nintendo specifically for the creation of this new Pokemon Go game.
  
  --
  You are in a maze of twisty little relative jumps, all alike.
2. Re:The same company made an app that accesses it! by Pinkbunnyman · 2016-07-12 02:52 · Score: 1
  
  No company had ever kept links with its former associate companies right
Re:Uh, no. by NatasRevol · 2016-07-12 02:28 · Score: 2

You can install it, then revoke it's access from your account to what it doesn't need.
App still works fine.

--
There are two types of people in the world: Those who crave closure
Permission Justification by Thelasko · 2016-07-12 02:32 · Score: 1

I think app developers should write a short sentence justifying their need for the permissions they require. Some apps are just ridiculous. Why does a streaming audio app need to access my call history?

--
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Re:Confirmed "full account access" by halivar · 2016-07-12 02:34 · Score: 1

And what it does not include, as TFS says, is email.
BS: these guys are reading your emails by DatbeDank · 2016-07-12 02:34 · Score: 2

Pokemon Go is a psyops brought to you via the same data-mining shill that developed Ingress as well... Niantic, which was formed by John Hanke. Hanke was the original founder of Keyhole (which was acquired by Google, by the way...) a program that received a large chunk of its funding from In-Q-Tel, a government-controlled venture capital firm that, in turn, is supported largely by National Geospatial-Intelligence Agency (NGA), whose primary mission is “collecting, analyzing, and distributing geospatial intelligence.” Very easy to spot the true intent behind these 'games'.
1. Re:BS: these guys are reading your emails by laurencetux · 2016-07-12 04:56 · Score: 1
  
  No to make an English Long FrackTon of cash for Nintendo
Re:Android version by bickerdyke · 2016-07-12 02:34 · Score: 1

And bluetooth connections.
I can imagine some connections between a location based game and your contacts's addresses being incorporated into the game somehow, but does someone has any idea what might be the reason behind those two?
Location, camera and phone status are more or less obvious.

--
bickerdyke
A Google Company can access your Google Data! by Quantus347 · 2016-07-12 02:42 · Score: 1

...and everyone looses their minds.

This is probably a Joker meme by now...

--
Common Sense isn't as Common as people think...
iOS? Google account? by Yvan256 · 2016-07-12 02:50 · Score: 2

Maybe my iPhone is too old, but what does iOS have to do with a Google account?
And is a Google account needed to play Pokémon Go?
1. Re:iOS? Google account? by Quantus347 · 2016-07-12 03:02 · Score: 3, Informative
  
  When you first log in you can sign in with either your Google/Gmail account, or else create an app-specific "Pokemon Trainer Club" log-in. Presumably doing the latter would not grant any Google Account access
  
  --
  Common Sense isn't as Common as people think...
2. Re:iOS? Google account? by wwalker · 2016-07-12 05:32 · Score: 1
  
  You can also create an empty Google account just for silly apps like that, separate from your important stuff. Let them read emails from each other.
3. Re:iOS? Google account? by thegarbz · 2016-07-12 08:10 · Score: 1
  
  Or not let them read emails from each other since that is not what the permission allows.
Bad permission naming by SeattleLawGuy · 2016-07-12 02:54 · Score: 1

Yes, there is no privacy. And privacy is already hard enough without naming permissions "full account access" when it does not include full access to an account, rather than to a certain subset of the account. It sounds like somebody did that.
The reporting error wasn't the blogger's fault; it was the fault of whoever named the permission "full account access." And it is still good that he reported it, because it highlighted a problem where the app programmer requested broader permission than needed. The blogger's confusion was understandable, and people should feel absolutely free to blog about their security concerns.
The right thing is then to ask Google or the app owner before publishing an article in the real media. Gizmodo did the right thing: vetted it with experts and tried to get a statement from Google.

--
Real lawyers write in C++
1. Re:Bad permission naming by mabu · 2016-07-12 07:43 · Score: 1
  
  >And privacy is already hard enough without naming permissions "full account access" when it does not include full access to an account, rather than to a certain subset of the account.
  Assuming "full access" means "all access" is not a mistake.
  It's probably a good idea to assume the worst in situations like this.
  The fact that "full" wasn't "all" and people assumed otherwise, may result in better protection of peoples privacy and personal information.
Re:Android version by Quantus347 · 2016-07-12 02:59 · Score: 2

The bluetooth connection is required to use the Pokemon Go Plus notifier hardware/wristband that is currently sold out of all suppliers.

https://www.amazon.com/Nintend...

--
Common Sense isn't as Common as people think...
Editorializing? by MrLint · 2016-07-12 03:08 · Score: 2

"Perhaps people should be more careful about the accusations they make."
Perhaps what really needs to happen is better definition of what 'full access' means and that app should be more 'careful' about which permissions they request.
"Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information,"
1. Re:Editorializing? by thegarbz · 2016-07-12 08:12 · Score: 1
  
  Perhaps what really needs to happen is better definition of what 'full access' means and that app should be more 'careful' about which permissions they request.
  Or perhaps the world should harden up and realise that the app installed on the phone is pretty much far more sandboxed and has far less access to information including the inability to read emails or other files than pretty much any PC program ever.
  People are afraid someone is going to infringe the privacy of their own shadows these days, but only through mobile because accessing internet banking and responding to phishing attacks on a malware infested PC doesn't generate news headlines like it did in the 2000s.
Careful about accusations? by idontusenumbers · 2016-07-12 03:24 · Score: 1

Perhaps people should be more careful about what they name account permission settings.
Re:Red Herrings by Quantus347 · 2016-07-12 03:26 · Score: 1

They are conspiring with Boeing, McDonalds, and the Illuminati to further their Chemtrail program!

--
Common Sense isn't as Common as people think...
Ingress has had access for years by ItsPaPPy · 2016-07-12 03:31 · Score: 2

Here is the proof
http://i.imgur.com/TWOedY7.png
Re:What is this? by BronsCon · 2016-07-12 03:41 · Score: 1

Someone mod this AC troll insightful. We're already seeing this actually happening.

In unrelated news, I've been driving a lot more, lately. I'm sure it has absolutely nothing to do with hearing about kids walking into traffic while playing Pokemon GO.

--
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Re:Uh, no. by shaitand · 2016-07-12 03:48 · Score: 1

According to TFS "full account access" is synonymous with "full account profile access." They aren't just choosing not to use more, the priv doesn't grant more it's just poorly named.

The change they are making is to create an all new more fine grained permission for just the username and email address because they don't need the entire profile.

Google is bad about fine grained permissions.
Re:Android version by shaitand · 2016-07-12 04:05 · Score: 1

Does it matter? Even if something has valid reason for access there is nothing that guarantees it isn't also abusing the access.
That is absolutely true by wonkey_monkey · 2016-07-12 04:27 · Score: 1

Pokemon Go Was Never Able To Read Your Email
It certainly wasn't. I've never installed it.

--
systemd is Roko's Basilisk.
Re:Android version by bickerdyke · 2016-07-12 04:54 · Score: 1

Well, nice... but..... What was again the purpose of those smartwatch thingies when apps require special wristbands?

--
bickerdyke
Re:Android version by bickerdyke · 2016-07-12 04:57 · Score: 1

It does matter cause I was hoping that bluetooth would support Android Wear and prevent accidents.

--
bickerdyke
Perhaps... by Khyber · 2016-07-12 07:19 · Score: 1

"Perhaps people should be more careful about the accusations they make."
Perhaps fucking companies should be more careful and less lazy about the boilerplate bullshit they throw in, and actually bother to write a relevant fucking EULA/ToS for their software.
And perhaps you should shut your whore mouth, manishs.

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
1. Re:Perhaps... by Khyber · 2016-07-13 03:28 · Score: 1
  
  Big words from an AC that's too fucking fat to get up from behind their keyboard.
  And you're not as anonymous as you think - your vocabulary and typing mannerisms give you away you furry fuckwit.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Competency Question by EndlessNameless · 2016-07-12 07:21 · Score: 1

If an established security researcher can't figure out what permissions an application is requesting, maybe Google needs to work on their UI.
On the other hand, maybe the guy is just an idiot.
I'm not into Pokemon, so I don't know exactly what it displays during installation.

--

---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
It has Officially been Patched. by Quantus347 · 2016-07-12 07:22 · Score: 1

The first patch went live about a hour ago, and included a fix to the Google Account scope.

http://www.popsci.com/pokemon-...

--
Common Sense isn't as Common as people think...
Re:Android version by xvan · 2016-07-12 07:35 · Score: 1

Making you pay to be able to run the app in the background without you realizing that's what you're doing.

Otherwise you need to walk with the phone unlocked, and the app active ( unless a mod exists to keep apps in the background believing they're in the foreground).
It's similar to Nintendo's pay for this toy to unlock a game character.
Re:What is this? by mabu · 2016-07-12 07:37 · Score: 1

There's more substance to the article than there is inaccuracy. It may be true that the app doesn't have access to a person's gmail account, but the privacy policy makes it clear users should have no actual sense of "privacy" for the data that is collected:
“We may disclose any information about you (or your authorized child) that is in our possession or control to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate”
On top of that all versions of the app request access to a person's contact database, which does contain a tremendous amount of information that is totally not relevant to game play, including e-mail addresses of everybody in a person's contact database. In this manner, even if you don't play the game, if someone does who has your personal info in their contact list, then your privacy has been compromised as well.
Re:Android version by bickerdyke · 2016-07-12 07:46 · Score: 1

Making you pay to be able to run the app in the background without you realizing that's what you're doing.
Otherwise you need to walk with the phone unlocked, and the app active ( unless a mod exists to keep apps in the background believing they're in the foreground).
It's similar to Nintendo's pay for this toy to unlock a game character.
Seems like you need to do that anyway:
http://www.imore.com/pokemon-g...
"Your device still needs to be running Pokémon Go in the foreground, so you're not saving much battery life, and you'll get those vibrations from your iPhone or Android device, anyway."

--
bickerdyke
Re:Android version by Quantus347 · 2016-07-12 07:50 · Score: 1

The patch that hit this afternoon appears to have added push notifications to the mix, so that may alleviate the issue somewhat.

The wristwatch Pokemon Go Plus has a button on it so that (supposedly) you can catch them, activate Pokestops, etc without having to interact with your phone at all.

Granted, it does seem like the sort of function that would be right smack in the wheelhouse of a Smartwatch, so hopefully they release a smartwatch app to mimic it. But for those of us that like the function but dont want to drop the cash for an actual smartwatch, a $35 dedicated device isnt entirety useless.

--
Common Sense isn't as Common as people think...
erroneous?? by RIPgriggs · 2016-07-13 04:52 · Score: 1

"Pokemon GO account creation process on iOS erroneously requests full access permission for the user's Google account." Yes everyone, please believe us that it is "erroneously" requested. and once we have permission from all the IOS users, because of this erroneous request.... PLEASE BELIEVE we will not use those permissions to violate you. "However, Pokemon GO only accesses basic Google profile information (specifically, your User ID and email address)" yes, PLEASE TAKE OUR WORD ON THIS "MISTAKE"
Re:Android version by shaitand · 2016-07-13 05:13 · Score: 1

I meant from a security perspective.