back to article Is Pokemon Go leaky?

A Microsoft UX chap who likes playing around with APIs reckons he's caught a howler in the sensational Pokemon Go app: it's using HTTPS but not checking certificates properly. As a result, Tweets Den Delimarsky as @DennisCode, the app doesn't notice a proxy between the user and the server. Pokemon Go... get yourself whatever …

  1. ratfox

    The weird thing is that it probably largely uses the same code as Ingress, which has been operating since 2012, at the time when Niantic labs was part of Google. It would be a bit surprising if the holes had been there the whole time and nobody noticed.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022