Concerns Arise Over Pokémon Go Granting Full Access to Players' Google Accounts [Update: Fix Incoming]

Pokémon Go is experiencing a momentous launch week, with an estimated 7.5 million downloads and nearly as many daily active Android users as Twitter in the United States. The rollout has not been entirely smooth, however, as the game has indirectly been at the center of crimes, robberies, and even car accidents.

Pokemon-go-access

Pokémon Go has full access to your Google account (Image: Ars Technica)

Now, an even bigger potential concern has arisen, as systems architect Adam Reeve has discovered that Pokémon Go grants full access to a user's Google account linked during the iOS sign-up process. Players can alternatively link a Pokemon.com account, but the website is currently experiencing issues for many users.

pokemon-go-sign-up
When granted full account access, Pokémon Go developer Niantic is theoretically capable of viewing and modifying nearly all information stored in your Google account, including your Gmail messages, Google Drive documents, Google Maps navigation history, search history, and personal photos stored on Google Photos.

Now, I obviously don't think Niantic are planning some global personal information heist. This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies. I don't know how well they will guard this awesome new power they’ve granted themselves, and frankly I don't trust them at all. I've revoked their access to my account, and deleted the app. I really wish I could play, it looks like great fun, but there's no way it's worth the risk.

It remains unclear what information, if any, Niantic is actually collecting from users, but the permissions are concerning given the company's history.

Niantic was formed by Keyhole founder John Hanke in 2010 as an internal startup at Google, until it was spun out as an independent entity in October 2015. Google then partnered with The Pokémon Company and Nintendo to invest up to $30 million in Niantic, so it has a remaining interest in the company.

Google is known to collect and track data from its users, fueling the privacy and security concerns. Niantic told Ars Technica that it has "no comment to share at the moment" about the issue, prompting some players to uninstall the game until the potential privacy implications are addressed.

Pokemon Go gameplay 2
Pokémon Go is available as a free download on the App Store [Direct Link] in the United States, Australia, and New Zealand, but anyone can install the app now with a U.S. iTunes account. The game is expected to expand to the U.K. and additional countries in the near future. Read more about Pokémon Go here.

Update: Niantic tells The Verge that the company did not intend to request full Google account access and will issue a client-side fix to reduce the number of permissions.

"We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves."

Popular Stories

airtag purple

AirTag 2 Rumored to Launch Next Year With These New Features

Sunday November 17, 2024 5:18 am PST by
Apple released the AirTag in April 2021, so it is now three over and a half years old. While the AirTag has not received any hardware updates since then, a new version of the item tracking accessory is rumored to be in development. Below, we recap rumors about a second-generation AirTag. Timing Apple is aiming to release a new AirTag in mid-2025, according to Bloomberg's Mark Gurman....
Magic Mouse Next to Keyboard

No, Apple CEO Tim Cook Didn't Say He Prefers Logitech's MX Master 3 Over the Magic Mouse

Sunday November 17, 2024 3:03 pm PST by
While the Logitech MX Master 3 is a terrific mouse for the Mac, reports claiming that Apple CEO Tim Cook prefers that mouse over the Magic Mouse are false. The Wall Street Journal last month published an interview with Cook, in which he said he uses every Apple product every day. Soon after, The Verge's Wes Davis attempted to replicate using every Apple product in a single day. During that...
New Things Your iPhone Can Do in iOS 18

18 New Things Your iPhone Can Do in iOS 18.2

Wednesday November 13, 2024 2:09 am PST by
Apple is set to release iOS 18.2 next month, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls incoming as well....
iCloud General Feature

Apple Acknowledges iCloud Notes Disappearing and Explains How to Fix

Saturday November 16, 2024 9:45 am PST by
Earlier this month, we reported about some iPhone users temporarily losing all of their notes in the Notes app after accepting Apple's updated iCloud terms and conditions. Apple has now indirectly acknowledged this issue in a new support document that outlines steps to follow if your iCloud notes are not appearing on your iPhone, iPad, or Vision Pro. Fortunately, the notes can be re-synced...
iPhone 7 Lightning to Headphone Jack Adapter

Apple Seemingly Discontinuing Lightning to Headphone Jack Adapter Introduced Alongside iPhone 7

Sunday November 17, 2024 12:33 pm PST by
It appears that Apple is discontinuing the Lightning to 3.5mm headphone jack adapter that it released alongside the iPhone 7 and iPhone 7 Plus in 2016. The adapter was recently listed as "sold out" on Apple's online store in the U.S. and most other countries, according to MacRumors contributor Aaron Perris. The adapter remains available from Apple in only a handful of countries, such as...

Top Rated Comments

keysofanxiety Avatar
109 months ago
If you primarily use a Google account, I don't think Nintendo stealing your data should be the pinnacle of your privacy concerns. ;)
Score: 29 Votes (Like | Disagree)
iosiseasy Avatar
109 months ago
I'm actually more shocked that Google allows developers access to all user's account goodies.
Score: 14 Votes (Like | Disagree)
kcirtap00 Avatar
109 months ago
Shouldn't Google's default level of access just be basic access? It really should prompt you if anything higher is required. I mostly blame Niantic for poor coding/security practices but Google is at least partly to blame here IMO.
Score: 12 Votes (Like | Disagree)
doctorwhofan98 Avatar
109 months ago
I figured that most people have more than one google account. One for "real life" and others for stuff like this.
I really think you're overestimating the general public. Pretty much everyone I know would just accept the conditions without reading them, and I don't know anyone with multiple accounts. If the developer had malicious intent, they'd have a lot of power right now.
Score: 11 Votes (Like | Disagree)
JackieInCo Avatar
109 months ago
I figured that most people have more than one google account. One for "real life" and others for stuff like this.
No they don't. People rarely think situations like this, especially the audience this game is targeting.
Score: 11 Votes (Like | Disagree)
eniaczz Avatar
109 months ago
whatever, I don't care about my google account. I only care about Pokémons!!
Score: 11 Votes (Like | Disagree)