The insta-obsession over “Pokémon Go” hasn’t just forced
gamers to leave their homes and explore the outside world, it’s also yielded a
teachable moment about privacy.
After Niantic’s smartphone game took off, Adam Reeve,
principal architect at the Baltimore security-analytics firm Red Owl, saw
something squirrelly in its iOS version. His Google settings showed that
signing into “Pokémon Go” with his Google account had given the game access to
almost all of his Google account’s information, from his e-mail to his photos.
Other security researchers, such as Trail of Bits’ Dan
Guido, looked into this and confirmed that the game sought far more info than
needed to verify a player’s identity.
Niantic said it wasn’t reading anything more than Google
usernames and e-mail addresses and quickly shipped an update to curb its
access.
That developer did the right thing commendably fast. But
other companies with apps that invite or require you to sign in via your Google
or other social media account might not – and at worst could wind up being able
to peek at parts of your online persona you want private. Don’t take a new
app’s word for it; check what parts of your accounts it can see and, if
necessary, cut off that access. Here’s how.
0 comments:
Post a Comment