A mere six days after its official release in some regions, Pokemon Go has become a mobile gaming phenomenon unlike anything we've seen in recent years. A couple of days ago, however, the overwhelming excitement around Pokemon Go was muddied by security concerns, spurred by a blog post labeling the iOS version of the game “a huge security risk” with “full access to your Google account”.
The blog post, penned by former Tumblr Senior Engineering Manager Adam Reeve, made vague claims about what Mr. Reeve presumed the app was allowed to access: “Let me be clear - Pokemon Go and Niantic can now:
- Read all your email
- Send email as you
- Access all your Google drive documents (including deleting them)
- Look at your search history and your Maps navigation history
- Access any private photos you may store in Google Photos
- And a whole lot more”
Although Pokemon Go does indeed request “full account access” from some iOS users, that does not mean the app has permissions to perform any of the aforementioned actions.
Speaking to Gizmodo, Reeve has retracted his statements, clarifying that he was, in fact, not “100 percent sure” that what he described in his blog post was true. Reeve also says that Google tech support got in touch with him, explaining that “full account access” does not mean a third-party app can access your private files, send email as you, or perform any of the other activities he claimed in the post.
That said, Niantic has acknowledged that Pokemon Go requests more permissions than it actually needs, emphasizing that only basic user information was accessed, and that an update fixing this will be pushed shortly by Google:
“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your user ID and e-mail address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google account information, in line with the data we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go's permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”