By the way, Google indorsed this comment. Believe me?
If it were a smaller company I'd like to see proof.
I'm surprised Google itself has not said anything, as they are also at fault for not showing the permissions workflow in the first place.
Primarily at fault.
I haven't used to app so I have no idea, just a thought.
On another note, from the "privacy policy":
1. REVISIONS TO THIS PRIVACY POLICY
Any information that is collected via our services is covered by the privacy policy in effect at the time such information is collected we may revise this privacy policy from time to time if we make any material changes to this privacy policy, including any change that we propose that will have retroactive effect, we’ll notify you of those changes by posting them on the services or by sending you an email or other notification, and we’ll update the “last updated date” above to indicate when those changes were made
So, they'll let you know if they apply retroactive changes to the policy? How is that any different from "lol, you give data, we do what we want, ok?"
Niantic Labs did not create and does not own the permission model and therefore by definition they can't fix it.
All they can do is improve their review process to reduce chances that bad code somehow makes it into production. (as probably most of us do)
That is not to say that there aren't valid and reasonable use cases for even the most powerful/dangerous permissions. People even root their phones to give some of their apps access to permissions they otherwise couldn't use because there's a lot of cool/interesting stuff you can do that way.
Pretty standard for a lot of apps and web services. The alternative is not to use them, or to be very conscious about what data you supply them with. Most people just click accept (as with any EULA).
I certainly want to try Pokemon Go, but after seeing these articles, I decided to wait.
Accessing the camera and location I can understand, but I don't want to give Pokemon Go access to my contacts.
Generally speaking, this is the worst way to do it, as the app hasn't made a case for why it needs to send notifications.
It should do it in a contextual way so the user understands that notifications will enhance their experience of the app.
Edit: OK, continually since it does seem to be up sometimes!
There wasn't the normal "this app wants ___ permissions, is that cool?" message from the Google OAuth dialog. I had not idea I'd authorized Niantic to go scrape all my emails, access Google's own processing on them for advertisement system training or review my location history, for example.
I'm not so sure why I should believe they didn't do that.
I can easily see how the second would happen, I wonder if Ingress (their previous inside google app) even showed up on your list of authorized third parties?
Glad to see Google patching the permissions server-side, as I bet a lot of people just checked the app out once out of curiosity and won't launch the updated version.
https://developers.google.com/identity/protocols/googlescope...
And most folks will click "Approve" without really reviewing the list. That said, Twitter and Facebook (two other popular OAuth providers) heavily restrict certain "full" access to only trusted applications that they either have a business relationship with or otherwise review the application before allowing those scopes to be requested or used. This incident may prompt Google to do more of that, which isn't entirely great news for the more responsible developers with purpose-built apps.
Before you could also get stuff like education and work history, family relationships, relationship status, sexual orientation and a whole load of other stuff that could potentially cause a lot of trouble. And people would happily click OK just to play FarmVille or whatever.
Now Facebook makes it so any app needing advanced permissions data has to be reviewed by Facebook first.
See https://developers.facebook.com/blog/post/2014/04/30/the-new...
...Wait a second do i think a company is great just cause they do things the way they should do them.
Played Pokémon GO yesterday (iOS 1.0 version) and it was very buggy. Many bugs looked like they were server side (requests freezing), but there were strange rendering errors (like seeing only waves on the ground where Pokémon are, and not the actual Pokémon on them) that could be fixed by restarting the app several times. The phone also got absurdly hot, I never play on it, I don't know if it's normal for it to get like that, but I could barely hold it in my hand.
I literally couldn't understand all the fuss about the game, it was unplayable for me...
With that enabled, when the phone is rotated upside-down (i.e put in your pocket), brightness drops to 0% and 3D rendering is disabled, both of which help. A little. Constant GPS and battery sucking can't be fully mitigated.
Nostalgia is a powerful force.
