Pokemon Go has ‘full access’ to your Google Account is an error, privacy flaw is now being fixed

Pokemon Go, the latest mobile game sensation has taken the internet by storm and caught the imagination of lot of gamers since its release on July 6. The mobile app is used by players to walk around and collect the popular characters. To play the Pokemon Go, you need to log in with an account. There are two ways to do this: Either you can create a user name on the Pokemon Trainer Club, or else you can use your existing Google account.

However, a blog post by a former Senior Engineering Manager at Tumblr, which labelled the iOS version of the Pokemon Go game “a huge security risk” with “full access to your Google account” has jolted the overwhelming excitement of a lot of users.

The blog post, penned by Adam Reeve, made vague claims about what he presumed the app was allowed access to:

“Let me be clear – Pokemon Go and Niantic can now:

• Read all your email
• Send email as you
• Access all your Google drive documents (including deleting them)
• Look at your search history and your Maps navigation history
• Access any private photos you may store in Google Photos
• And a whole lot more”

Even though Pokemon Go does indeed request “full account access” from some iOS users that does not mean the app has permissions to perform any of the aforementioned actions.

Speaking to Gizmodo, Reeve has retracted his statements, providing an explanation that in fact, he was not “100 percent sure” what he labelled in his blog post was true. He just inferred from Google’s descriptions, which make no mention of such activities. He also says that Google tech support has got in touch with him explaining that “full account access” does not mean a third party app can access your private files, send email as you, or perform any of the other activities claimed by him in the post.

Having said this, Niantic has nonetheless acknowledged that Pokemon Go requests more permissions than it actually needs. It is an innocent technical error and no other Google account information has been collected, Niantic says. No Pokemon were harmed as well. Specifically, only the Google user ID and e-mail address, basically only the user’s Google profile was accessed. Here’s Niantic Labs’ statement in full indicating that an update, fixing this will be pushed shortly by Google:

“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your user ID and e-mail address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google account information, in line with the data we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”

So, all those Pokemon GO game lovers out there can now heave a sigh of relief and get on with the madness of collecting the popular characters!

1 COMMENT

  1. Niantic did use to be a part of Google. Not sure if that means anything or not, just figured it should be added to the article…

LEAVE A REPLY

Please enter your comment!
Please enter your name here