The  OAuth Token Controversy Issued To The Pokemon Go App

The very well-known Pokemon Go game can be played on your mobile devices. People can play this game. There are plenty of controversies that have come up very recently. Recently, it has received complete access to the Google accounts of many users. Not only that, but they had also failed to inform the users regarding the same. This has happened because of something called an OAuth token. This token was said to be issued by mistake.

How did the OAuth scam take place?

After the launch of this mobile-based online game, the iOS version started facing this OAuth issue. The developer of the game had to fix this issue to carry forward with its use. This game installed along with this OAuth token without taking any permission from the users. This token granted complete access to their Google accounts. This particular flaw introduced a lot of risks, especially an attack on token exchange.

Pokemon Go usually allows all the players to log in with the help of their Google account or  Trainer Club site. However, later, the club suspended many new registrations as they were overwhelmed with many of them. So, the players could choose only one option to join their recently bought pokemon go account for sale. Players had to use the credentials of their Google account. This permission overreach happened on the iOS version and not the Android one. Android users remained completely unaffected by this scam.

Fixing the issue!

The developers of the Pokemon Go game immediately admitted to this mistake and worked hard to fix it. They made sure to work on the access permission of their Google profiles. The only information the game would receive is the basic Google Account details. After this issue is fixed, Google confirmed that they would not receive any Google account information further. The only information they will get access to is the basic ones, such as the Gmail id. This can prevent many web attackers from using various Gmail accounts maliciously.


View all posts by