Pokémon Go is the latest illustration of how much we take our email security for granted these days.
Pokémon Go has taken the world by storm over the past week, with a download count entering the millions, and possibly surpassing even Twitter in its usage. It has proved immensely popular among people of all ages, and is dominating conversation from the schoolyard to the work water cooler. However, what was invisible to the hordes of excited users, frantically catching their first Pokémon, was that we all potentially forfeited our email security simply by signing up.
The Pokémon Go Email Security Concerns
Pokémon Go accepts two forms of identity confirmation to log in – through its own account system (which quickly became overrun by new users), or a pre-existing Gmail account. While many apps today accept Gmail as a means of logging in, Pokémon Go asks for full access to your Gmail data. That means that Niantic, the developer of Pokémon Go, could hypothetically access your emails, send new emails, access your Google Docs and Photos, or access your search and navigation history. For a more in-depth look, check out Adam Reeve’s (the man who discovered the breach) blog post.
Calm your Clefairies – you can now play safely!
For a week or so, this represented a massive breach of email security. While it appears that the access request was a simple coding error by Niantic, and that Niantic only ever accessed a user’s basic profile data, the risk was still considerable in the context of hackers and trollers.
Niantic responded almost immediately to these claims of breached email security, announcing that Google would soon reduce Pokémon Go’s access permissions to just the basic ID information needed. According to Wired, Pokémon Go’s first update, which is available now, fixes the coding error that initially led to this email security concern, though the full details of the update are not entirely clear. Alternatively, How To Geek explain how you can restrict Pokémon Go’s access yourself through your own Google account. They also recommend that you use an alternative email account for Pokémon Go to ease any future concerns you might have about your email security.
Is Email Security a Concern on Other Apps?
It is worth pausing for a moment to consider just how secure your email is on your smartphone more generally. Pokémon Go isn’t the first example of a large scale mobile security breach: think back to 2014 and the controversial celebrity photo hacks. Or the reports a year ago of a vulnerability in the iPhone’s default Mail app, which potentially allowed hackers to dupe users into giving over their iCloud login details. More recently, Apples’ iOS app store was infiltrated by dozens of apps carrying malicious coding. These were built on a knock-off of Apples’ Xcode software, XcodeGhost (for a list of some of the infected apps, click here).
Safety Precautions You Can Apply Right Now
In an age of interconnectedness and digital living, we tend to have become complacent to what we download, what we sign-in with and what we allow access to. While no one is suggesting that we all avoid playing what we want to play, or downloading the latest trendy apps, we do need to practice some basic security precautions.
For iPhone Users
According to Macworld, you should:
- Keep your phone updated.
- Only attach your phone to computers you believe are 100% safe.
- Don’t jailbreak a phone – this automatically renders Apple’s security measures useless.
For your Email Account
When it comes to email security, McAfee suggest that you ensure the secure sockets layer (SSL) is enabled on your phone. By following their easy instructions, you can ensure that your emails are transmitted securely. It is also worth checking what access you currently give to any other app you may have installed – follow this easy guide to controlling what apps have access to what information.