Pokemon Go iOS update patches its biggest security flaw

The app used FIX! It's super effective!

Pokémon Go may warn players to be alert of their surroundings, but one of the biggest concerns of the augmented reality catch-'em-all was far more subtle than walking into traffic or a group of robbers.

Starting today, an update for the iOS version of the pocket monster phenomenon fixes a massive security oversight that gave Pokémon Go complete and total access to users' Google Accounts.

Instead of using only your most basic personal deets, the app was unintentionally set to "see and modify nearly all information in your Google Account," according to the description on Google's app permission's page.

In addition to fixing the security flaw and squashing some other bugs - technological ones, not Butterfrees - the update also lets real-world trainers automatically sign in after a forced logout without having to put in their email and password repeatedly, as well as other stability improvements.

TM08: Bulk Up (your security)

To update your permission settings, visit your Google Account homepage, go to "Sign-in & Security," followed by "Connected Apps & Sites," then "Manage Apps."

From there, remove Pokémon Go from the list and log back into the app with your phone. Using your credentials to sign in should now give the game access to only your name and email address instead of, well, everything.

While Android users of the app were not affected by this error, they may still want to keep an eye out for PokemonGo malware that'll infect phones faster than a Grimer using Toxic.

As for the iOS patch, testing out the fix for ourselves successfully reduced Go's free reign of our account info without making us have to start the game over. That said, it's a shame the patch couldn't also help with the game's struggling servers, which still remain an issue at this time.

Via 9to5Mac

Tags