解决极值中的神奇设k法_神奇宝贝Go拥有对您的Google帐户的完全访问权限。 这是解决方法[更新]...

已获得对您的 google 帐号的访问权限


To say Pokémon GO is wildly popular would be a vast understatement. To say the app’s use of your Google Account is wildly insecure would also be a vast understatement. You should revoke its access to your account now. (But don’t worry, there’s a way to keep playing.)

要说《 PokémonGO》非常流行,那就太轻描淡写了。 要说该应用程序对您的Google帐户的使用完全不安全,则轻描淡写。 您应该立即撤消其对帐户的访问权限。 (但是不用担心,有一种方法可以继续玩。)

Update: Niantic has released a patch that fixes this problem. We’ll be leaving this article here for posterity, but as long as you have the latest version of Pokémon GO on your device, you should be free of the concerns outlined below.

更新 :Niantic已发布了修复此问题的补丁。 为了后代,我们将在此保留这篇文章,但是,只要您在设备上安装了最新版本的PokémonGO ,就无需担心下面列出的问题。

有什么大不了的? (What’s the Big Deal?)

Pokémon GO is insanely popular. It’s free-to-play mobile game, developed by Niantic on Nintendo’s behalf, and is available for both iOS and Android. In the first few days since it was released, it has been downloaded millions upon millions of times, skyrocketed up the mobile app charts, and given investors such a confidence boost in Nintendo that Nintendo stock surged 7.5 billion dollars and the company saw the biggest single day surge in stock value that it’s seen since 1983.

神奇宝贝GO非常受欢迎。 它是由Niantic代表任天堂开发的免费手机游戏,适用于iOS和Android。 自发行以来的头几天,它已被下载了数百万次,移动应用程序排行榜飙升,并且由于投资者对任天堂的信心增强,任天堂股价飙升了75亿美元,成为该公司最大的单笔交易。自1983年以来,股票价格连续一天暴涨。

So what’s the problem? The game plays it pretty fast and loose with the security of your Google account.

所以有什么问题? 借助您的Google帐户的安全性,该游戏可以快速,轻松地进行游戏。

The game allows you to create either a Pokémon account (a third party account designed expressly for Pokémon GO and other Pokémon stuff) or to use your Google account. Almost everyone is opting to use their Google account because the Pokémon account system is getting slammed with too much traffic.

该游戏可让您创建一个Pokémon帐户(专门为PokémonGO和其他Pokémon产品设计的第三方帐户)或使用您的Google帐户。 几乎每个人都选择使用自己的Google帐户,因为神奇宝贝帐户系统的流量过大。

That shouldn’t be a big deal, right? Tons of websites allow you to use your Google account for credentials instead of creating a separate login. But here’s the problem: unlike other apps and websites that only grab permissions for a few things, blogger Adam Reeve pointed out that Pokémon GO is given full access to your Google account–and it takes it without even asking you.

没什么大不了的,对吧? 大量网站可让您使用Google帐户获取凭据,而无需创建单独的登录名。 但这就是问题所在:与其他仅能获取一些权限的应用程序和网站不同, 博客作者亚当·里夫(Adam Reeve)指出 ,PokémonGO拥有对您的Google帐户的完全访问权限-并且无需询问就可以直接使用它。

Yes, you read that right: Full. Access. As a result, the can, according to Google, “see and modify nearly all information in your Google Account” (though it can’t change your password, delete your account, or pay with Google Wallet on your behalf). What exactly this means is very unclear (thanks, Google), but it is undoubtedly an overreach, as Pokémon GO should not require nearly that level of permission. If you want to check your own account, log into your Google account and visit this URL to check your permissions.

是的,您没看错:完整。 访问。 因此,据Google称,该罐可以“查看并修改您的Google帐户中的几乎所有信息”(尽管它无法更改您的密码,删除您的帐户或代表您使用Google电子钱包付款)。 到底是什么意思还不清楚(谢谢Google),但这无疑是一个超范围的事情,因为《PokémonGO》几乎不需要这个级别的许可。 如果要检查自己的帐户,请登录到您的Google帐户,然后访问此URL来检查您的权限

So far, this problem appears to mostly affect iOS devices. Although there are reports floating around about some Android devices being affected too, we were unable to replicate it on any of our Android devices–but it’s almost definitely happening to some phones. We were able to replicate it consistently on iOS.

到目前为止,此问题似乎主要影响iOS设备。 尽管有报道称一些Android设备也受到影响,但我们无法在任何Android设备上复制它-但几乎肯定是某些手机正在发生这种情况。 我们能够在iOS上一致地复制它。

So Niantic secretly thieving data on purpose? We think it’s unlikely. It’s probably just a simple (albeit very very stupid) oversight on their behalf rather than something nefarious. After all, Pokémon GO unseated the top two iOS freemium games in a matter of days. Using just the iOS charts as an indicator combined with estimated income of the two unseated games (Mobile Strike and Game of War), we can safely assume the game is pulling down millions of dollars a day. Who needs to be a criminal when people throw bricks of money at your head?

那么Niantic故意偷窃数据吗? 我们认为这不太可能。 代表他们做的只是一个简单的(尽管非常愚蠢)监督,而不是邪恶的。 毕竟,《PokémonGO》在短短几天之内就取代了前两款iOS免费增值游戏。 仅使用iOS图表作为指标,再结合两个未安装游戏(Mobile Strike和Game of War)的估计收入,我们可以确定游戏每天的亏损额为数百万美元。 当人们向您扔钱头时,谁需要成为罪犯?

Jest aside, let’s take a look at what you should do immediately and what you should do to keep playing the game if you can’t stand to be away from it.


Update: This article originally claimed that, according to Reeve, the app could “read your email, send email from your address, see your contacts, grab your files and photos from Google Drive”. While talking to Gizmodo, however, Reeve backtracked on this, saying he was not “100 percent sure” his claims were true. They very well could be, but Google’s description is very, very vague. We’ve updated the information above to reflect this. In addition, Niantic has issued a statement to Engadget–they did not expand on what those permissions entailed, though they claimed they only use it to access your user ID and email address. They will soon be issuing a fix that reduces Pokémon GO’s permissions to the correct level.

更新 :根据Reeve的说法,本文最初声称,该应用程序可以“阅读您的电子邮件,从您的地址发送电子邮件,查看您的联系人,从Google云端硬盘中获取文件和照片”。 但是,在与Gizmodo交谈时,里夫对此事回溯了,说他不确定自己的说法是“ 100%肯定”。 它们可能很好,但是Google的描述非常非常模糊。 我们已经更新了上面的信息以反映这一点。 此外, Niantic已向Engadget发布了一份声明 -尽管他们声称只使用它来访问您的用户ID和电子邮件地址,但他们并未详细说明这些权限的含义。 他们将很快发布一个修补程序,以将PokémonGO的权限降低到正确的级别。

如何撤消PokémonGO对您的Google帐户的访问权限 (How to Revoke Pokémon GO’s Access to Your Google Account)

As we noted in the previous section, you can easily and immediately check the status of app and service permissions on your Google account. Uninstalling the game will not revoke the access granted to the game. You must login to the Google account permissions page and look for the entry “Pokemon Go Release”. Click on it for a detailed view and then, as seen in the screenshot below, click the giant “REMOVE” button.

如前一节所述,您可以轻松,立即地检查您Google帐户上的应用和服务权限的状态。 卸载游戏不会撤消授予游戏的访问权限。 您必须 登录到Google帐户权限页面,然后查找“ Pokemon Go Release”条目。 单击它可查看详细视图,然后如下面的屏幕截图所示,单击巨大的“删除”按钮。

Note that when we tested this on our Android devices, we didn’t see the Pokemon Go Release option show up at all. As far as we know, if you don’t see “Pokemon Go Release”, you are unaffected by the problem.

请注意,当我们在Android设备上对此进行测试时,我们根本没有看到“ Pokemon Go Release”选项。 据我们所知,如果您没有看到“ Pokemon Go Release”,那么您就不会受到问题的影响。

Clicking Remove will immediately revoke the app’s access to your Google account. Unsurprisingly, this also means the app will stop working (although some users on Twitter have reported the ability to continue playing after the revocation–if that’s you, congratulations, you are lucky). In our tests, the app either crashes the next time you open it, or demands you log in again. In some cases, you may even have to reinstall the app to get it to stop crashing–but it’s better than Niantic having access to your entire account.

点击删除将立即撤消该应用对您的Google帐户的访问权限。 毫不奇怪,这也意味着该应用程序将停止运行(尽管Twitter上的一些用户报告说,吊销后可以继续播放-如果是的话,恭喜,您很幸运)。 在我们的测试中,该应用要么在您下次打开时崩溃,要么要求您再次登录。 在某些情况下,您甚至可能必须重新安装该应用程序才能使其停止崩溃-但这比Niantic拥有访问整个帐户的权限要好。

This leads us to our final trick: playing without compromising your primary Gooogle account.


想继续玩吗? 使用Burner Google帐户 (Want to Keep Playing Anyway? Use a Burner Google Account)

Okay, we get it. You want to keep playing, but are (rightfully) dubious about handing over your account. Here’s a little workaround: create another free Google account, with nothing in it, and use that to sign into Pokémon GO.

好吧,我们明白了。 您想继续玩游戏,但是(理所当然)对于交出帐户存疑。 这里有一个解决方法:创建另一个免费的Google帐户(其中没有任何内容),然后使用该帐户登录PokémonGO

We have to admit we feel a bit silly for not doing this in the first place, but this is the first time we’ve really been burned by bad permissions in a game. To create a burner account, just log out of your regular Google account on your computer and then visit www.gmail.com to sign up for an account like superawesomepokemontrainer2016@gmail.com. Use that account to log into Pokémon GO and you’re golden. No matter how bad the account permissions remain, you can continue to play the rather addictive game without any privacy concerns.

我们必须承认,我们一开始没有这样做会感到很傻,但这是我们第一次真正被游戏中的错误权限所烧毁。 要创建刻录机帐户,只需在计算机上注销常规Google帐户,然后访问www.gmail.com即可注册superawesomepokemontrainer2016@gmail.com之类的帐户。 使用该帐户登录PokémonGO,您将大有作为。 不管帐户权限有多糟糕,您都可以继续玩这个令人上瘾的游戏,而无需担心任何隐私问题。

You will, however, have to start over from scratch, and you’ll lose all your Pokémon. But that’s a small price to pay. Alternatively, you can wait and hope Niantic releases their update fixing this problem–which should hopefully happen soon.

但是,您将不得不从头开始,并且将丢失所有的神奇宝贝。 但这是一个很小的代价。 另外,您可以等待,并希望Niantic发布解决此问题的更新-希望很快会发生。

