Yikes. Turns out those Google permissions for Pokémon Go were pretty extensive, but Niantic says they’ve fixed the problem.
Pokémon Go has been out in Australia, New Zealand and the U.S. for almost a week, and everyone’s out to catch ’em all — but some savvy users actually checked their Google permissions, and got a nasty surprise.
Related: The 11 stages of waiting for Pokémon GO to be released worldwide
When you signed up for Pokémon Go with your Google ID on an iPhone, you in fact gave the app “full access” to your account — including email and Drive.
Wrote Adam Reeve, who first discovered the bug:
“Pokemon Go and Niantic can now:
– Read all your email
– Send email as you
– Access all your Google drive documents (including deleting them)
– Look at your search history and your Maps navigation history
– Access any private photos you may store in Google Photos
– And a whole lot more.”
There was a way to manually fix the app’s permissions, but users were worried Niantic already had access to their email (which also meant they could send and open emails in the user’s name) and Google Docs.
But, according to Niantic Labs, that was never the case. A statement published Tuesday reads:
“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”
So according to Niantic, no other information aside from your ID and email address has in fact been collected — but it’s reassuring to know that they’re fixing this problem nonetheless!
We want to hear your thoughts on this topic!
Write a comment below or submit an article to Hypable.