Skip to main content
  1. Home
  2. Gaming
  3. News

Niantic responds to concerns of Pokemon Go’s request for full Google account access

Niantic responds to Pokemon Go Google security concerns

Brad Bourque
By

pokemon
Image used with permission by copyright holder
Pokemon Go-mania is sweeping the nation, and it isn’t hard to see why. For a lot of us, the reality of wandering about, capturing Pokemon, and battling at gyms is a dream come true. As the honeymoon wears off, however, users are starting to find issues with the new app, and one of them may be compromising the security of your entire Google account, according to analytics architect Adam Reeve.

In order to play, users have to either create a Pokemon Club account, or sign in with an existing Google account. The latter is almost always the more secure option, as you can carefully control each site’s access, and revoke it if something goes wrong. Niantic labs, the Pokemon Go developers, simply request access to your Google account. Usually that means an email address and basic info, but for Pokemon Go it requests full access to your account. That’s a pretty scary proposition, according to the Google support page on app access.

Recommended Videos

“When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf)…This ‘Full account access’ privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet.”

Related

Niantic and the Pokemon Company quickly responded with the following joint statement, claiming that it was a mistake which will soon be corrected:

We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. 

Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.

Until the issue is resolved, however, that means the Pokemon Go app could theoretically delete everything in your Google Drive, or email its contents to everyone in your address book. It’s not a matter of necessity either, as other users have pointed out that Ingress only asks for a minimal amount of information when connecting to a Google account. Developers decide to ask for however much access they need, so somewhere along the line, someone at Niantic decided to ask for the keys to the house.

Any iOS users who are uncomfortable with this overreach can revoke the app’s access, but know that in the process you’ll be deleting your progress and will be unable to play the game. Android users have a trickier go of it, as a number of users have reported that Pokemon Go doesn’t even show up on their security access page.

Updated on 7-12-2016 by Will Fulton: added Niantic’s reponse.

Editors' Recommendations

Topics
Brad Bourque
Brad Bourque
Former Digital Trends Contributor
Brad Bourque is a native Portlander, devout nerd, and craft beer enthusiast. He studied creative writing at Willamette…
How to get coins in Pokémon GO

As part of a free-to-play title, the digital currency known as PokéCoins make the Pokémon GO world spin. PokéCoins are used to buy additional Pokéballs, draw Pokémon to your location, and even change your character’s appearance. From buying them with real money, to grinding them for free, we’re going to show you how to get coins in Pokémon GO.

Recommended reading: 

Read more
Destiny 2 is going free to play on Google Stadia for all players with an account
Screenshot from the Crucible in Destiny 2

Destiny 2 will become Google Stadia's first free-to-play game. Starting on November 19, Bungie's looter shooter will be free for all Stadia users regardless of whether or not they have a subscription.

Anyone with an account for the Stadia cloud-gaming service will be able to play Destiny 2: New Light, which features the core free-to-play game with no expansions. The game is already free to play on services like Steam, but this is the first time Stadia has made a title free.

Read more
Mega evolution update brings massive changes to raids in Pokémon Go
A trainer with a bunch of mega evolved Pokémon.

Mega evolutions have finally arrived on Pokémon Go, and with them come several important changes that fundamentally alter the raid experience of the game.

Two- and four-star raids are gone, which product lead Matt Slemon chalked up to their unpopularity with players and the lack of a clear incentive. The rewards for two- and four-star raids will be folded into one- and three-star raids.

Read more