MacRumors

Pokémon Go is experiencing a momentous launch week, with an estimated 7.5 million downloads and nearly as many daily active Android users as Twitter in the United States. The rollout has not been entirely smooth, however, as the game has indirectly been at the center of crimes, robberies, and even car accidents.

When granted full account access, Pokémon Go developer Niantic is theoretically capable of viewing and modifying nearly all information stored in your Google account, including your Gmail messages, Google Drive documents, Google Maps navigation history, search history, and personal photos stored on Google Photos.

Now, I obviously don't think Niantic are planning some global personal information heist. This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies. I don't know how well they will guard this awesome new power they’ve granted themselves, and frankly I don't trust them at all. I've revoked their access to my account, and deleted the app. I really wish I could play, it looks like great fun, but there's no way it's worth the risk.

It remains unclear what information, if any, Niantic is actually collecting from users, but the permissions are concerning given the company's history.

Niantic was formed by Keyhole founder John Hanke in 2010 as an internal startup at Google, until it was spun out as an independent entity in October 2015. Google then partnered with The Pokémon Company and Nintendo to invest up to $30 million in Niantic, so it has a remaining interest in the company.

Google is known to collect and track data from its users, fueling the privacy and security concerns. Niantic told Ars Technica that it has "no comment to share at the moment" about the issue, prompting some players to uninstall the game until the potential privacy implications are addressed.

Pokémon Go is available as a free download on the App Store [Direct Link] in the United States, Australia, and New Zealand, but anyone can install the app now with a U.S. iTunes account. The game is expected to expand to the U.K. and additional countries in the near future. Read more about Pokémon Go here.

Update: Niantic tells The Verge that the company did not intend to request full Google account access and will issue a client-side fix to reduce the number of permissions.

"We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves."

Although Nintendo, Niantic, and The Pokémon Company have a few good reasons to celebrate the launch of their new augmented reality mobile game Pokémon Go, a couple of incidents related to the game have already begun sprouting up over the past few days, bringing to light a few cautionary tales for everyone delving into the game.

Because it requires players to travel to real-world destinations in order to stock up on Poké Balls, eggs, and potions, and compete at gyms, some individuals have been capitalizing on the game's mechanics to trap and rob its players. According to a Facebook post from the O'Fallon Police Department in Missouri, four people were arrested over the weekend after using a Lure Module at a PokéStop to draw in unsuspecting players and rob them at gunpoint.

"Many of you have asked how the app was used to rob victims, the way we believe it was used is you can add a beacon to a pokestop to lure more players," the police department said in a statement on Facebook. "Apparently they were using the app to locate [people] standing around in the middle of a parking lot or whatever other location they were in."

The Lure Modules work as ways to bait more Pokémon into showing up to any PokéStop for 30 minutes, and enhances the Stop's visibility to a glowing pink color when in use, so it's easy for other players nearby to notice. Due to this, other cities across the United States have reported Pokémon Go-related thefts since the game launched last week, including a few in Philadelphia.

Other users playing the game have been lead to a few scary discoveries, including one woman who found a corpse while traveling to a PokéStop in Wyoming. Nineteen-year-old Shayla Wiggins jumped a fence to capture a nearby Pokémon, but instead discovered the dead body of a man who is believed to have drowned in the Big Wind River. According to the local police department, "There is no evidence at this time that would indicate foul play."

Nintendo reminds users to be aware of their surroundings every time the app is opened, and a few states have issued specific warnings as well, but there have also been some driving-related incidents since the game launched. While Pokémon Go encourages players to strike off the beaten path to discover wild Pokémon nearby, most have discovered -- especially in cities where walking is inhibited -- that it's easy to idle past nearby PokéStops and Gyms, already leading to more than a handful of Pokémon Go-influenced accidents.

Pokémon Go is still in its early stages, with Niantic promising continuous updates down the line to enhance player interactivity with the game thanks to the addition of social aspects like Pokémon trading. The company hasn't yet divulged when the first update will be hitting, however, since the app has yet to launch worldwide. Pokémon Go isn't considered one of Nintendo's official smartphone games, but it does appear to hint at a more popular staying power than Miitomo, which launched earlier in the year. Next up the company plans to debut apps related to the Fire Emblem and Animal Crossing franchises.

In the United States, Australia, and New Zealand Pokémon Go can be downloaded from the App Store for free. [Direct Link]

One of the clearest shots of Apple's upcoming iPhone 7 case has been posted over on French site Nowhereelse.fr this morning.

While the photo doesn't tell us anything we don't already know, it does confirm some details of the design we've come to expect from previous leaks.

The appearance of the rear of the phone is consistent with 3D renders previously posted by NWE blogger Steve Hemmerstoffer depicting an iPhone 6s-like design, repositioned antenna bands, and a larger camera cut-out.

What's not clear in the photo is the connector situation at the bottom of the device. Apple is widely expected to do away with the headphone jack, possibly making way for a second speaker grille for stereo sound. The Lightning connector will then become an all-in-one port for audio output, charging, and accessory connectivity.

The photo offers no hint about Apple's plans to use a flush, touch-sensitive home button, a feature that could be reserved for the tenth-anniversary iPhone with an OLED display and glass casing expected in 2017.

According to a new report released yesterday by Piper Jaffray analyst Gene Munster, based on a survey of 400 iPhone owners, 15% of users expect to upgrade their devices in the fall, while 29% said they will consider it.

According to the research, 67% of iPhone owners in the U.S. have an iPhone 6/6 Plus or older, placing them in the typical carrier upgrade window during the iPhone 7 cycle. Meanwhile, 32% of users are said to own an iPhone 5s or older, meaning incompatibility issues with newer software could also edge said owners into an upgrade.

Apple is widely expected to announce the iPhone 7 and iPhone 7 Plus in September. In addition to the aforementioned features, the smartphones are expected to be slightly thinner with faster Apple A10 processors, 32GB of base storage, improved waterproofing, and faster LTE and Wi-Fi. 3GB of RAM and a dual-lens rear camera are said to be exclusive to the 5.5-inch model.

Apple will pay $25 million to settle a patent lawsuit with Network-1 Technologies' subsidiary Mirror World Technologies and license its patents, the companies announced today. The patent (No. 6,006,227) dates back to 1999, covering a system that stores documents in a stream ordered chronologically, similar to Apple's Cover Flow or Time Machine.

Under the terms of the agreement, Apple will receive a fully paid up non-exclusive license to the '227 Patent for its full term, which expired in 2016, along with certain rights to other patents in Network-1's portfolio. Network-1 will receive $25 million from Apple for the settlement and fully paid up license.

The technologies described in the patent were developed from the work of Yale University computer scientist Professor David Gelernter and his then-graduate student Dr. Eric Freeman in 1996. They then founded Mirror Worlds LLC, which began a long-running legal fight with Apple over the patent. In 2010, Apple was hit with a $625 million judgment over the patent. A year later, Apple won a reversal of the decision and the judge closed the case in Apple's favor.

In 2013, Mirror Worlds was purchased by Network-1 and the company acquired Mirror World's patents. Network-1 describes itself as a company "engaged in the development, licensing and protection of its intellectual property and proprietary technologies." Last year, the company also reached a settlement with Microsoft for $4.6 million over the same patent.

A few years ago, a number of users in Australia were victimized by attackers remotely locking iPhones, iPads, and Macs using Find My iPhone on iCloud. Compromised devices typically displayed Russian ransom messages demanding payments of around $50 to $100 for the device to be unlocked.

Apple later confirmed that iCloud was not compromised, and that the eventually-arrested attackers had instead gained access to Apple IDs and passwords through external sources. Russian website MKRU said the attackers obtained the credentials via phishing pages and social engineering techniques.

Since then, CSO security blog Salted Hash has discovered that, since at least February of this year, these ransom attacks have returned and now target users in the U.S. and Europe. The methods used by attackers are said to be the same ones used in 2014, starting with a compromised Apple ID.

It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim's device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.

In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they're told they have 12 hours to comply or their data will be deleted.

The website shared screenshots and linked to a number of Facebook, Twitter, and Reddit users whose devices appear to have been held for ransom in recent months, but there is speculation that the problem could be much larger than that. The following excerpt is highly questionable, however, and could very likely be incorrect.

Earlier this week, a security professional posted a message to a private email group requesting information related a possible compromise of at least 40 million iCloud accounts.

Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple."

The message goes on to state that the alleged breach was conducted by a Russian actor, and vector "seems to be via iCloud to the 'locate device' feature, and is then locking the device and asking for money."

The report adds that "for now, let's assume there hasn't been a massive iCloud data breach." Apple has not commented on the matter.

Given that the Apple ID credentials involved in the ransom attacks are believed to originate from online security breaches, Salted Hash pointed towards a recently compromised Mac-Forums.com database, which allegedly includes 291,214 accounts, being sold for around $775 on the darknet.

There is currently no evidence to suggest that the Mac-Forums database has any relation to these ransom attacks, but users with an account on that website should change their passwords out of an abundance of caution. Setting a device passcode and enabling two-factor authentication for your Apple ID is also highly recommended.

Apple has a support document outlining steps to take if you think your Apple ID has been compromised. Also read security and your Apple ID.

Apple and the University of Naples Federico II have jointly announced that the first-ever iOS Developer Academy will open in October 2016 at the university's new campus in San Giovanni a Teduccio, a coastal suburb east of Naples, Italy. The news was first reported by German website Macerkopf.

The free academy will provide more than 200 students with "practical skills and training on developing apps" in the first year, with more to follow in the years ahead, as part of a nine-month curriculum designed and supported by Apple. The facility includes labs and access to the latest Apple hardware and software.

"We are thrilled to be working with Università di Napoli Federico II to launch the first iOS Developer Academy in Europe," said Luca Maestri, Apple's CFO.

First semester courses will focus on enhancing and improving students' software development skills on iOS, while second semester students will attend courses on the creation of startups and app design, and work together to create apps that could eventually be released on the App Store.

Students can find out more or apply on the University of Naples website. Applicants are required to take an online test in Italian or English, with successful candidates moving to an interview stage. The university will also be accepting applications through its website for teachers for the Academy in the coming months.

Apple's plans to open its first iOS app development center in Europe were first announced by CEO Tim Cook in January.

"Europe is home to some of the most creative developers in the world and we’re thrilled to be helping the next generation of entrepreneurs in Italy get the skills they need for success," said Tim Cook, Apple's CEO. "The phenomenal success of the App Store is one of the driving forces behind the more than 1.4 million jobs Apple has created in Europe and presents unlimited opportunities for people of all ages and businesses of all sizes across the continent."

Apple expects to expand this program to other countries around the world in the future.

Pennsylvania resident Samuel Lit has hit Apple with a lawsuit claiming that the company infringed on his patent for web carousels, according to documents filed in the Northern Illinois District Court (via AppleInsider). Apple's website typically features a homepage with a carousel containing four to five windows displaying its products.

Lit owns U.S. Patent No. 8,793,330, which is a "system and method for displaying graphics, art, text, animation, video and other content." It's described as a "three-dimensional 'Display Carousel' system" that can cycle through its windows in a rotating manner that makes it look like a carousel at a predetermined speed.

The lawsuit claims that Apple's website, which also has a system that cycles through windows in a rotating manner at a predetermined speed, infringes some or all of the 20 claims of the patent. Some of Apple's infringements on Claim 16 include having a "system for displaying content," a "display carousel embedded" into the website, a display engine to deliver the carousel content when its on a web browser, and a database to track how many customers purchase things linked from the carousel.

Lit is seeking "reasonable" royalties with interest. While Lit is a radio broadcaster, he used to work with software systems and engines for Hy Lit Radio Technologies, which was named after his father Hy Lit, another radio broadcaster. He previously attempted to monetize his patent via a website called YourDisplayCarousel.com but the site shut down in December.