Pokémon GO, a location-based augmented reality game using Google Maps has recently released by Nintendo on iOS and Android; it has been a huge success, yet it has also created a huge security Risk.
Pokémon GO, grants itself FULL Account Access to your Google Account.
Full Access includes the ability to:
- Read your Emails
- Send Emails from your Account
- Access Google Drive documents
- Look at Search History
- Access Private Photos on Google Photos
- And More…
Are you playing Pokémon GO with a Business Email or are your employees? If yes, then this has potentially opened up the business to a major security risk.
As we become more connected, we need to be more cautious in what connects with what, especially when it comes to business.
All businesses need a policy in place around how their Google Accounts are to be used and an approval process in place as to what it can be connected to.
All other situations in connecting to software/applications, a Free Gmail account should be created and only used for this purpose, also known as a Burn (or Burner) Email Account to reduce the risk to the business.
Remove Pokémon GO’s Access to your Google Account:
- Open your Google Account permissions page
- Find and Select Pokémon GO
- Click “REMOVE” button to revoke Full Account Access
Pokémon GO’s Access to be changed in the future:
From the Developer: “We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account,” Niantic said.
The fact that it was released with Full Access should be a warning to all Businesses to be aware of what their employees are connecting to and the potential Security Risks created.