A Microsoft UX chap who likes playing around with APIs reckons he's caught a howler in the sensational Pokemon Go app: it's using HTTPS but not checking certificates properly.
As a result, tweets Den Delimarsky as @DennisCode, the app doesn't notice a proxy between the user and the server.
Pokemon Go... get yourself whatever you want because I can hook directly into the APIs with mitmproxy. No cert check pic.twitter.com/aR1VkwW2AD
— Den Delimarsky (@DennisCode) July 9, 2016
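The kind of check the tweet says is absent, as an added example for a generic TLS client; it is not code from the app, its developer or this article. It puts a context that accepts any certificate beside one that validates the chain and hostname and then pins the leaf certificate, since a proxy whose CA has been added to the device's trust store still passes chain validation. The certificate bytes, `PINS` and all function names are constructed or hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER certificates; real ones come from getpeercert().
GENUINE_DER = b"constructed: DER bytes of the real server certificate"
PROXY_DER = b"constructed: DER bytes of a certificate minted by a proxy"
# Hypothetical pin set shipped with the client (add a backup pin for rotation).
PINS = frozenset({hashlib.sha256(GENUINE_DER).hexdigest()})

def weak_context() -> ssl.SSLContext:
    """The failure mode: traffic is encrypted, but any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def strict_context() -> ssl.SSLContext:
    """Chain and hostname validation against the platform trust store."""
    return ssl.create_default_context()

def pin_matches(der_cert, pins=PINS) -> bool:
    """True only if the SHA-256 of the presented leaf certificate is pinned."""
    if not der_cert:
        return False
    got = hashlib.sha256(der_cert).hexdigest()
    return any(hmac.compare_digest(got, pin) for pin in pins)

def open_pinned(host: str, port: int = 443, pins=PINS, timeout: float = 10.0):
    """Connect with full validation, then refuse any leaf that is not pinned."""
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = strict_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not pin_matches(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLCertVerificationError("leaf certificate is not pinned")
    return tls
```

This pins the SHA-256 of the whole leaf certificate, so the pin set has to be updated whenever the server certificate is reissued.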
We entirely agree with the Twitter account @Pookleblinky:
Pokemon go is a fractal security nightmare. Every part of it is as bad an idea as the whole idea. But you are still gonna use it.
— Pookleblinky (@pookleblinky) July 10, 2016
Another 24 hours, El Reg expects, and the infosec world will start documenting how easy it is to poke holes in Pokemon Go. ®