The augmented reality game, "Pokemon Go" may have a security risk in the app.
According to Fortune magazine, a potential security vulnerability exists for players who used their Google account to sign up for the game. Adam Reeve, a principal architect at RedOwl, a cybersecurity startup, wrote in a blog post about the risks.
The risk appears to only affect iOS users who sign into Pokemon Go with their Google credentials. Reeve wrote about the issue on his blog:
"To play the game you need an account. Weirdly, Niantic [Labs] won’t let you just create one - you need to sign in with an existing account from one of two services - the pokemon.com website or Google. Now the Pokemon site is for some reason not accepting new signups right now so if you’re not already registered there you’ll need to use a Google account - and that’s where the fun begins.
"I started the game, hit the Google button, and was redirected to log in. Normally you’d see a little message saying what data the app is going to be able to access - something like “This app will be able to view your email address and name”. For some reason that’s not shown in this case, but I went ahead and logged in anyway. Then on a whim I went to see which permissions it was granted (you can see for your own account right here). To say I was a little stunned is putting it lightly - it said: "Pokemon Go has full access to your Google account." (Read the rest from his blog here.)
CNET provided a fix for the issue as well as a note from Niantic indicating that the company is addressing the issue.