The weird thing is that it probably largely uses the same code as Ingress, which has been operating since 2012, at the time when Niantic labs was part of Google. It would be a bit surprising if the holes had been there the whole time and nobody noticed.
Is Pokemon Go leaky?
A Microsoft UX chap who likes playing around with APIs reckons he's caught a howler in the sensational Pokemon Go app: it's using HTTPS but not checking certificates properly. As a result, Tweets Den Delimarsky as @DennisCode, the app doesn't notice a proxy between the user and the server. Pokemon Go... get yourself whatever …
Biting the hand that feeds IT
