The release of the new Pokemon Go mobile game app has everyone’s heads down and in their phone, as they search for the nearest Pokemon to add to their Pokedex.
However, it is now being revealed that the cartoon-inspired game application is granted complete and FULL access to your Gmail account whenever a gamer signs in.
When signing into the mobile application with your Google account, you unknowingly grant the game access to view all of your emails, Google docs, and anything else you have stored within your Gmail account.
Remember when you downloaded that hot new app called Pokémon Go three days and thousands of hours ago? Remember when you had to sign in with your Gmail account because you probably didn’t have a pokemon.com username?
Unfortunately, if you’re playing the augmented reality superhit on an iPhone, this seemingly standard practice may have handed over full access to your Google account ― and all the data in it ― to Niantic, the creator of Pokémon Go.
RedOwl’s Adam Reeve first reported the “huge security risk” several days ago, after he discovered the app had been granted full permission to his Google account. With such access, Pokémon Go could theoretically read all of your email, send an email as you, look at your search history and access photos you store on Google.
Niantic erroneously requested such permission from some iOS users, but Pokémon Go “only accesses basic Google profile information (specifically, your User ID and email address),” a Niantic spokesperson told The Huffington Post.
“No other Google account information is or has been accessed or collected,” spokesperson Sibel Sunar said in an email. “Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access.”
Sunar said Google will soon modify permission to only request basic profile data.
The permissions issue has only been reported for the iPhone app edition of Pokémon Go, and only for some iOS users. I checked my Gmail account on Monday evening and saw this message after downloading the app when it first came out in Australia last week.
You can check your Gmail permissions HERE and revoke access for the applications that’ve gotten a little too cozy with your data. Niantic says users won’t need to do anything after Google deploys its fix.
As several news outlets have pointed out, users are usually notified before an app gains access to an account like Facebook or Gmail. But, as Reeve found, Pokémon Go definitely doesn’t do this.
Google has cautioned users to grant full account access only “to applications you fully trust.”
“Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.”
Nice try Pikachu!