The makers of the smash-hit smartphone game Pokémon Go said Tuesday it corrected a potential security flaw that may have left app users’ information exposed to hackers.
Niantic, a company that partners with Nintendo, said it discovered the app requested full access to information stored in users’ Google accounts, information the company said it did not need.
"Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access,” the statement read in part. "Google has verified that no other information has been received or accessed by Pokémon GO or Niantic.”
Cyber security expert David Kennedy, founder of Hudson-based Binary Defense Systems, said the flaw left user information exposed to hackers, though Niantic said no data was compromised.
“Hackers are coming up with new innovative ways of breaking into things and mobile applications are becoming a very high front of attack,” Kennedy said.
Kennedy explained that the flaw could potentially allow hackers to make emails on a user’s behalf, read text messages and even access credit card information.
Users can turn off the permission by accessing their phone’s settings. Niantic also released an update to Pokémon Go that fixed the issue.
Kennedy said excessive permissions are not unique to this one game and said it’s a reminder all smartphone users should pay attention when downloading new applications.
“So we’re living in a world now where a lot of your information is readily available and out there to these third parties,” he said, “And it really is up to you to decide whether or not you’re okay with that.”
---
Follow Derick Waller on Facebook and Twitter
Download the newsnet5 app:
