Pokemon GO has taken the world by storm in under a week, as our own Brendan Quinn talked about today. But with the runaway success comes with some concerns. Namely, Niantic being able to access a bit too much information — at least if you're an iOS user.
As security expert Adam Reeve points out in a Tumblr post, Pokémon Go's launch version has been able to access a bit too much information on their iOS users. Those using their Google accounts to play the game were susceptible to the game doing a whole host of shady things. These included:
- Reading your email.
- Sending emails as you.
- Accessing your Google Drive and editing stuff in it.
- Look at your private photos in Google Photos.
- Scan your search history.
There's a lot more, but those are the big bullet points. Some corners of the internet didn't take too kindly to this revelation. The very idea of Pokémon Go accessing private information was a scary prospect. It set off red flags that the whole thing could be nothing more than a nostalgia-based data-mining experiment.
Luckily, Niantic was swift with a statement, as reported by Gizmodo:
We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.
As of today, Version 1.02 of Pokémon Go has been released. It fixes the permissions error, as well as improves app stability. From my own experience, it also reduces battery drain somewhat.
There might not have ever been a risk involved with Niantic hijacking your identity. Still, Pokémon GO is a reminder to be aware of the permissions you agree to with apps.