Pokemon Go has quickly taken the world by storm. We here at Victory Point have been living with the app open these last couple of days. However, it was recently made public that there might be a huge security concern when it comes to Niantic’s newest app.
Pokemon GO uses your Google account to sign in (unless you’ve made a Pokemon Trainer Club Account over on Nintendo). This is nothing new, as numerous apps / games use Google as a quick / easy way to sign in. However, it’s been made known that Pokemon Go has full access to your Google Account.
What does this mean? Well, it means that Niantic Labs has access to all of your Google emails, contacts, calendar, and more.
Over on their blog, software architect Adam Reeve issued an informative blog post. Here’s the description of what giving an app something full account access does from a Google support page: “When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf).”
That’s pretty scary! Now, this seems to only be affecting iOS users at the moment, while Android users are only having their login information recorded. There is a way to go into your Google settings and remove GO’s full access (pictured above) however, when the app asks you to sign in again, it will immediately regain full access to your Google account.
This seems like a big oversight on Pokemon Go’s side, and hopefully in a future (and hopefully soon-ish) update, they will fix this.
Until then, you can listen to a special episode of Point Taken where Amanda, Jeff, and I discuss the launch day and the frenzy the app has caused. We also include a few tips and tricks for good measure.
Niantic has released a statement regarding privacy concerns, which you can read down below.
” We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves. “
Update 2: 7/12/16
Great news! Niantic and The Pokemon Company released the first update for the game today (update 1.0.1) and it fixes the Google Permission Issues. Now, the company will only have access to your name and email address. So get to catching them all, trainers!