Pokémon Go has surpassed dating app Tinder in downloads, almost crossed Twitter in daily active users and bought Nintendo $7 billion worth of market cap, and continues to be on a roll.
But if you’re using your iPhone and have used your Google account to login into the game to catch “Pikachu’ or ‘Charmender’ and win Gym fights, then there’s one important thing you’re losing in the process — your PRIVACY. When you login into the game using your Google(i.e Gmail) credentials, then you’re handing over full access of your account to its developer Niantic Labs.
This huge privacy blunder was first spotted by Adam Reeve, a principal architect at Red Owl analytics. After logging into the game and not noticing the usual permission check, he decided to look into what permissions have actually been granted to the Go app. And he was surprised to see that Niantic had complete access to his Google credentials.
In addition to this, you’d be surprised to know all the permissions that are dispensed when you grant full-access of your Google account to someone. According to Google’s support page,
When you grant full account access, the application can see and modify nearly all information [emphasis on ‘nearly all’] in your Google Account.
This means that Niantic has complete control over your Google account, and can easily read your emails, access your location and search history, send an email from your account(oohh creepy!) and even access your Google Drive documents(click this link check your account’s security and revoke access to the game).
It is for sure, that Pokémon Go does require a lot of permissions, like using your camera, accessing your precise location, reading and writing on your SD card, among others for its seamless operation and AI functionality. But it shouldn’t have full access to anyone’s online credentials, that is a serious invasion of privacy. It should definitely show some message asking the users to allow access to certain activities required by the developer.
In a response issued to Engadget, Niantic Labs and The Pokémon Company have clarified that they’re not reading anybody’s personal emails. They added that they have erroneously requested full-access to user’s Google accounts on iOS devices, and is working on a fix to only request the correct and necessary permissions. In further goes on to add that,
Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access.
Niantic Labs in their statement also point out that Google has confirmed that no other information except the User ID and email address were accessed by the developer. Google also added that it will reduce the information access to Pokémon Go and users need not worry about the same.
it may share “aggregated information and non-identifying information with third parties for research and analysis, demographic profiling, and other similar purposes”
So, you can expect some of your location data to end up in the backyard of third-party tech corporations, including Google. Now it’s upto you if you wanna go ahead and catch’em all, or stay put and keep your 13-year old away from — what could be their favorite game in a long long time.