Pokemon Go doesn’t have full access to your Gmail account

  • HT Correspondent, Hindustan Times, New Delhi
  • Updated: Jul 12, 2016 17:34 IST
A Pokemon appears on the screen next to a woman as a man plays the augmented reality mobile game "Pokemon Go" by Nintendo in Bryant Park in New York City. (Reuters)

If you have read anywhere, and chances are that you have, that Pokemon Go can spy on you, stop worrying.

Niantic released a statement allaying all fears, saying Pokemon Go only accesses basic Google profile information (user ID and email address) and that no other Google account information is or has been accessed or collected.

Niantic, spun off from Google last year, and Pokemon Company created the augmented reality mobile game that makes users go on a hunt for Pokemon across their city. Nintendo owns a third of Pokemon Company and both have undisclosed stakes in Niantic.

“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account... Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access,” Niantic said in a statement.

“Google has verified that no other information has been received or accessed by Pokémon Go or Niantic... Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves,” it added.

The controversy over the security vulnerability started after Adam Reeve, former senior engineering manager at Tumblr, wrote a blog post claiming that the Pokemon Go app was malware and a huge security risk.

Reeve said that Pokemon Go was granted “full account access” to users’ Google accounts when they logged in with Google on iOS. He now works as a principal architect at Red Owl Analytics.

He claimed that the app can read all your emails, send emails as you, access all your Google Drive documents (including deleting them), look at your search history and your Maps navigation history, access any private photos you may store in Google Photos and a whole lot more.

However, Reeve told Gizmodo that he wasn’t “100 percent sure” that the things he wrote in his blog post were true.

“Reeve also admitted that he had never built an application that uses Google account permissions, and had never tested the claims he makes in the post,” Gizmodo said.

Left to right: Sameer Uddin and Michelle Macias play Pokemon Go on their smartphones outside of Nintendo's flagship store in New York City. (AFP)

The design and technology blog also said that a cybersecurity expert, who contacted Google’s tech support, had serious doubts about Reeve’s claim. The expert said that, according to Google tech support’s mail to him, “full account access” does not mean a third party can read or send email, access your files or do anything else Reeve claimed.

It means Niantic can only read biographical information like email address and phone number.

“In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say “Has access to Gmail”),” the mail read.

So essentially, Reeve was going with the literal meaning of the phrase - “full access control” - and wrote what he had inferred from it.

So carry on! Hop around playing the game that SimilarWeb says people are now spending more time on than dating app Tinder or WhatsApp.
