Pokemon Go may have taken the world by storm, but the game has landed in big trouble with its users over privacy concerns. A blog post by security researcher Adam Reve has revealed that the app can access troves of sensitive information via a person’s Google account.
Anyone who signs into the iOS version of Pokemon Go is required to either sign in with their Pokemon.com or Google account. According to Reve’s findings, people who choose the latter are essentially giving the app full access to their profile. This poses a major security threat since it can view and modify nearly all the data stored within their account.
Even Google’s help page warns how serious this can be, advising users to only grant full access privilege to apps they completely trust. Allowing such an invasion of privacy means Pokemon Go can freely do things like read a player’s emails, send a mail under their name, see and delete all their Google Drive files, peep at their search and Maps history, and go through their private snaps in Google Photos.
Pokemon Go’s creator Niantic has now responded to these security concerns. The company claims that it had erroneously asked for full access to a consumer’s Google account. Pokemon Go apparently requires only basic profile details namely a player’s User ID and email address.
Niantic went on to assure players that it hasn’t accessed or collected any other Google account information. It’s currently working on a client-side fix so that the app only asks for basic data. The search giant itself is supposed to reduce Pokemon Go’s permissions to only essential profile info soon, so gamers won’t have to take any action of their own to shield themselves from an invasion of privacy.
Niantic hasn’t specified when exactly this fix will be coming out. Till then, you can cut off admission to your data by signing into Google and removing access to Pokemon Go under App Permissions.