from Hacker News

Pokemon Go – Permissions Update

by nate_martin on 7/12/16, 5:19 PM with 106 comments

  • by matt_wulfeck on 7/12/16, 6:45 PM

    I'm glad they involved google to make sure the change happens to anyone and also to verify their claims about access. This is the type of response we should expect/demand from other companies. Well done.

  • by minimaxir on 7/12/16, 5:29 PM

    This is the same message that was released to the press yesterday.

    I'm surprised Google itself has not said anything, as they are also at fault for not showing the permissions workflow in the first place.

  • by e12e on 7/12/16, 6:54 PM

    Isn't this a bit: "Accidentally left open gate to castle. Now closed. No fix in place to make sure other people working closely with Alphabet/Google won't leave door open again. Share and enjoy." ?

    On another note, from the "privacy policy":

    1. REVISIONS TO THIS PRIVACY POLICY

    Any information that is collected via our services is covered by the privacy policy in effect at the time such information is collected we may revise this privacy policy from time to time if we make any material changes to this privacy policy, including any change that we propose that will have retroactive effect, we’ll notify you of those changes by posting them on the services or by sending you an email or other notification, and we’ll update the “last updated date” above to indicate when those changes were made

    So, they'll let you know if they apply retroactive changes to the policy? How is that any different from "lol, you give data, we do what we want, ok?"

  • by biogeneration on 7/12/16, 5:52 PM

    I really appreciate that they were able to make a change quickly and provide transparency about the issue and resolution.

  • by chromaton on 7/12/16, 7:43 PM

    On Android, Pokemon Go requests permission to access your contacts. I declined this access, and the app still seems to work (modulo the crashes & bugs that others have reported).

    Accessing the camera and location I can understand, but I don't want to give Pokemon Go access to my contacts.

  • by panic on 7/13/16, 1:34 AM

    This update completely broke login for people with Pokemon Trainer Club accounts. It doesn't even send the HTTP request: https://www.reddit.com/r/pokemongo/comments/4sjbeq/ios_users...

  • by saturdaysaint on 7/12/16, 5:35 PM

    From the 1.01 iOS release notes: "-Fixed Google account scope"

  • by quaffapint on 7/12/16, 8:02 PM

    Keep in mind you dont have to login with your google account - you can create a free pokemon club account and use that.

  • by mattlutze on 7/13/16, 8:23 AM

    I'm slightly curious how we prove the statements to be true.

    There wasn't the normal "this app wants ___ permissions, is that cool?" message from the Google OAuth dialog. I had not idea I'd authorized Niantic to go scrape all my emails, access Google's own processing on them for advertisement system training or review my location history, for example.

    I'm not so sure why I should believe they didn't do that.

  • by foota on 7/12/16, 9:10 PM

    I wonder how many applications do the same thing and haven't been called out on it.

  • by mark_l_watson on 7/12/16, 5:41 PM

    I didn't think they were doing anything nefarious but you never know. I think I will install it now, to see what my grandchildren have been talking about.

  • by stephenyeargin on 7/13/16, 4:16 AM

    Take a look at this list of potential things you can ask for as a developer:

    https://developers.google.com/identity/protocols/googlescope...

    And most folks will click "Approve" without really reviewing the list. That said, Twitter and Facebook (two other popular OAuth providers) heavily restrict certain "full" access to only trusted applications that they either have a business relationship with or otherwise review the application before allowing those scopes to be requested or used. This incident may prompt Google to do more of that, which isn't entirely great news for the more responsible developers with purpose-built apps.

  • by qwertyuiop924 on 7/12/16, 8:08 PM

    Great. Although this is really a left-pad situation: it's good that they fixed it, but that fact that it was a problem in the first place is pretty damn disturbing.

  • by callesgg on 7/12/16, 8:59 PM

    Inital thought: Wow that company is so great... that they did the right thing...

    ...Wait a second do i think a company is great just cause they do things the way they should do them.

  • by rtanaka on 7/12/16, 7:46 PM

    It is indeed fixed but updating iOS app alone does not change the permissions. I had to sign out of the app, revoke the permissions on google and then sign back in.

  • by unimpressive on 7/12/16, 6:07 PM

    Oh good, I can finally feel comfortable about installing it.

  • by sl1e on 7/12/16, 8:06 PM

    Is the button that takes me to login with Google account the same as using a Google email address to create an account?

  • by aftbit on 7/12/16, 5:54 PM

    Perfect response! :)

  • by cocotino on 7/12/16, 6:06 PM

    Bit of OT

    Played Pokémon GO yesterday (iOS 1.0 version) and it was very buggy. Many bugs looked like they were server side (requests freezing), but there were strange rendering errors (like seeing only waves on the ground where Pokémon are, and not the actual Pokémon on them) that could be fixed by restarting the app several times. The phone also got absurdly hot, I never play on it, I don't know if it's normal for it to get like that, but I could barely hold it in my hand.

    I literally couldn't understand all the fuss about the game, it was unplayable for me...