This article is more than 1 year old

Is Pokemon Go leaky?

A Microsoft UX chap who likes playing around with APIs reckons he's caught a howler in the sensational Pokemon Go app: it's using HTTPS but not checking certificates properly.

As a result, Tweets Den Delimarsky as @DennisCode, the app doesn't notice a proxy between the user and the server.

We entirely agree with the Twitter account @Pookleblinky:

Another 24 hours, El Reg expects, and the infosec world will start documenting how easy it is to poke holes in Pokemon Go. ®

More about


Send us news