Incident: Misleading Permissions in Pokémon Go Google Account Access

Published Date: 2016-07-11

Postmortem Analysis

Timeline
1. The software failure incident related to Pokémon Go's misleading permissions happened in July 2016 as per Article 45777.

System
1. Outdated version of Google’s shared sign-on service used by Niantic Labs [45777]

Responsible Organization
1. Niantic Labs
2. Google [45777]

Impacted Organization
1. Gamers who downloaded the Pokémon Go augmented reality game [45777]

Software Causes
1. The software failure incident in the Pokémon Go augmented reality game was caused by the use of an outdated version of Google’s shared sign-on service by Niantic Labs, leading to misleading permissions being displayed to users [45777].

Non-software Causes
1. The scare was caused by the use of an outdated version of Google’s shared sign-on service by Niantic Labs, leading to misleading permissions being displayed to users [45777].
2. Google misrepresented the limited permissions granted as "full access," contributing to the scare [45777].

Impacts
1. The software failure incident with Pokémon Go caused a scare among gamers who noticed that the app had apparently been granted "full access" to their Google accounts, leading to concerns about potential security vulnerabilities [45777].
2. The incident led to confusion and fear among users about the extent of permissions granted to the app, with some worrying that developers could access and manipulate personal data such as emails, documents, and browsing histories [45777].
3. The misleading labeling of "full account access" by Google in this incident caused further alarm and raised questions about the transparency and accuracy of permissions granted to apps [45777].
4. The incident highlighted the importance of app developers using up-to-date and secure sign-on processes to ensure clear communication with users regarding permissions granted and to avoid unnecessary panic or privacy concerns [45777].
5. The discovery of a malicious version of the Pokémon Go Android app infected with a remote access tool emphasized the risks associated with downloading apps from third-party sources, potentially leading to full control of the victim's phone by attackers [45777].

Preventions
1. Implementing regular updates and using supported versions of third-party services like Google's shared sign-on service could have prevented the misleading permissions granted by the outdated version used by Niantic Labs [45777].
2. Conducting thorough testing and quality assurance processes to ensure that the app's permissions accurately reflect the data access requirements and that users are properly informed about the permissions requested [45777].
3. Providing clear and transparent communication to users about the data access and permissions requested by the app during the sign-up process to avoid confusion and concerns about privacy and security [45777].

Fixes
1. Updating the shared sign-on service used by Niantic Labs to a supported version to ensure proper permission-granting steps are followed [45777].
2. Changing the wording of the permission prompt from "Full account access" to something more accurate to avoid misleading users [45777].
3. Implementing a client-side fix in the Pokémon Go app to request permission for only basic Google profile information, aligning with the actual data accessed by the app [45777].
4. Google reducing Pokémon Go's permission to only the basic profile data needed by the app [45777].

References
1. Google [45777]
2. Niantic Labs [45777]
3. Slack security engineer Ari Rubenstein [45777]
4. Security researchers at Proofpoint [45777]
5. Stephen McCarney from Arxan Technologies [45777]
6. Domingo Guerra, founder of mobile app security company Appthority [45777]

Software Taxonomy of Faults

Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident related to Pokémon Go's misleading permissions issue with Google accounts does not seem to have happened again within the same organization (Niantic Labs) or with its products and services as per the provided article [45777].
(b) The article mentions a separate incident where security researchers at Proofpoint discovered a malicious version of the Pokémon Go Android app infected with a remote access tool, giving attackers full control over the victim's phone. This incident involving a malicious version of the game being marketed to unsuspecting users as the genuine game could be considered a similar type of software failure incident happening with another organization or its product [45777].

Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be attributed to the outdated version of Google's shared sign-on service used by Niantic Labs. This outdated version led to a mislabeling of permissions, causing Google to default to warning users that the Pokémon Go app had "full access" to their Google accounts. This miscommunication was a result of the development choice made by Niantic Labs to use an unsupported version of the sign-on process, which ultimately caused confusion and fear among users [45777].
(b) The software failure incident related to the operation phase can be seen in the case of users downloading a malicious version of the Pokémon Go Android app from third-party sources. This rogue app was infected with a remote access tool that could give attackers full control over the victim's phone. Users who downloaded the unofficial software from online file storage services were at risk of infecting their devices with malware, highlighting the dangers of not obtaining apps from official sources and the potential consequences of operation-related failures [45777].

Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) within_system: The software failure incident related to the Pokémon Go app's permissions issue was primarily within the system. The issue stemmed from Niantic Labs using an outdated version of Google's shared sign-on service, which led to the misleading "full access" permissions being displayed to users. This was not an intentional attempt by Niantic Labs to gain access to users' personal data, but rather a result of using an unsupported version of the sign-on process [45777].
(b) outside_system: The incident also involved external factors, such as Google's misrepresentation of the permissions granted to the app. Despite Niantic only requesting basic profile information, Google displayed the permissions as "full access," causing confusion and concern among users. Additionally, there were external security threats, such as a malicious version of the Pokémon Go Android app infected with a remote access tool, which was being marketed to users through online file storage services [45777].

Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident related to non-human actions was primarily due to the outdated version of Google's shared sign-on service used by Niantic Labs. This outdated version led to the misleading display of "full access" permissions on Google accounts when users signed up to play Pokémon Go. Despite the alarming language, independent security researchers confirmed that only basic permissions were actually granted to the app [45777].
(b) The software failure incident related to human actions involved the miscommunication and mislabeling of permissions between Niantic Labs and Google. Niantic's choice to use an unsupported, out-of-date version of the sign-on process led to the skipping of the permission-granting step, causing Google to default to warning users about "full access" to their accounts. This miscommunication between the two companies contributed to the scare and confusion among users [45777].

Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident related to hardware: The incident reported in the article [45777] was not directly related to hardware failure but rather to a software issue. The scare regarding Pokémon Go accessing users' Google accounts was attributed to an outdated version of Google's shared sign-on service used by Niantic Labs, which led to misleading permissions being displayed to users. This issue did not stem from hardware failure but rather from a software implementation problem.
(b) The software failure incident related to software: The software failure incident reported in article [45777] was primarily due to contributing factors originating in software. Specifically, the issue with Pokémon Go accessing users' Google accounts was caused by Niantic Labs using an outdated version of Google's shared sign-on service, leading to misleading permissions being displayed to users. This software-related problem resulted in a scare among players regarding potential security vulnerabilities, highlighting the importance of proper software implementation and security measures.

Objective (Malicious/Non-malicious)
Option: non-malicious
Rationale:
(a) The software failure incident related to the Pokémon Go app granting "full access" to users' Google accounts was non-malicious. The incident was attributed to the use of an outdated version of Google's shared sign-on service by Niantic Labs, which led to the misleading permissions being displayed to users. Despite the alarming message of "full access," security researchers confirmed that only basic permissions were actually granted to the app [45777]. The incident was characterized by unintentional mislabeling and a lack of clear communication rather than any malicious intent to harm the system.

Intent (Poor/Accidental Decisions)
Option: accidental_decisions
Rationale:
(a) The intent of the software failure incident was not due to poor decisions but rather accidental decisions. Niantic Labs unintentionally requested full access permission for users' Google accounts during the Pokémon Go account creation process on iOS. This was a mistake as the app only needed basic Google profile information, and no other Google account information was accessed or collected [45777]. The incident was more of a result of using an outdated log-in method without clear reasons and a mislabeling of permissions, rather than a deliberate attempt to gain unauthorized access to users' personal data.

Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident related to development incompetence can be seen in the case of the Pokémon Go app incident. Niantic Labs used an outdated version of Google’s shared sign-on service, which led to the app being granted "full access" to users' Google accounts, causing a major security scare [45777]. This incident highlights the importance of using up-to-date and secure development practices to prevent such vulnerabilities.
(b) The software failure incident related to accidental factors can be observed in the case of Google misrepresenting the permissions granted to the Pokémon Go app users as "full access" when, in reality, only basic permissions were being granted. This mislabeling led to confusion and fear among users, although there was no intentional attempt by Niantic Labs to access users' personal data [45777]. This accidental miscommunication between Google and Niantic caused unnecessary panic and raised concerns about data security.

Duration
Option: temporary
Rationale:
(a) The software failure incident related to the Pokémon Go app's permissions issue was temporary. The incident occurred due to Niantic Labs using an outdated version of Google’s shared sign-on service, which led to the app being granted "full access" to users' Google accounts, causing a scare among players [45777]. However, both Google and Niantic Labs clarified that the "full access" permission actually only granted basic permissions to the app, and steps were taken to fix the misleading permissions promptly. Google verified that no other information had been accessed by Pokémon Go or Niantic, and they were working to reduce the app's permission to only the basic profile data needed [45777].

Behaviour
Option: value, other
Rationale:
(a) crash: The incident related to the Pokémon Go app granting "full access" to users' Google accounts was not a crash. The app was not losing state and failing to perform its intended functions. Instead, the issue was related to misleading permissions granted to the app, which did not result in a system crash [45777].
(b) omission: The incident was not due to the system omitting to perform its intended functions at an instance(s). The issue with the Pokémon Go app was not about missing or skipping functions but rather about the misleading representation of permissions granted to the app [45777].
(c) timing: The incident was not related to the system performing its intended functions correctly but at the wrong time. The problem with the app's permissions was not about timing but about the inaccurate labeling of the level of access granted to users' Google accounts [45777].
(d) value: The software failure incident was related to the system performing its intended functions incorrectly. Users were alarmed by the perceived "full access" granted to their Google accounts, which was later clarified to be a mislabeling issue. The app was actually only accessing basic profile information despite the misleading wording [45777].
(e) byzantine: The incident was not characterized by the system behaving erroneously with inconsistent responses and interactions. The issue with the Pokémon Go app was more about a miscommunication regarding the level of access granted rather than inconsistent behavior or interactions [45777].
(f) other: The behavior of the software failure incident could be categorized as a miscommunication or misrepresentation issue. The misleading labeling of "full access" to users' Google accounts caused alarm and confusion among players, leading to concerns about data privacy and security. The incident highlighted the importance of clear communication and transparency in app permissions [45777].

IoT System Layer

Perception
Option: None
Rationale: None

Communication
Option: None
Rationale: None

Application
Option: None
Rationale: None

Other Details

Consequence
Option: property, theoretical_consequence
Rationale:
(d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident related to Pokémon Go's permissions issue caused concern among users as it appeared that the app had been granted "full access" to their Google accounts. This led to fears that the developers could potentially access, edit, and delete documents in Google Drive and Google Photos, as well as access browser and maps histories [45777]. The misleading permissions granted by the app prompted Google to default to warning users that the app had "full access" to their accounts, causing confusion and potential privacy concerns [45777].

Domain
Option: entertainment
Rationale:
(a) The software failure incident reported in the articles is related to the entertainment industry. The incident involved the popular augmented reality game Pokémon Go, developed by Niantic Labs, which is a game that falls under the entertainment category [45777].
