Pokémon Go’s iOS privacy settings give its developer total access to your Google account [Updated]

PokemonGoFeature

Update: Niantic stated the following to Ars Technica in addressing this topic:

“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your user ID and e-mail address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google account information, in line with the data we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.

Original story below:

We’ve already touched on some of the real-world issues linked to augmented reality game Pokémon Go, but Monday revealed another significant problem with the game. If you you sign up for the game using iOS (not Android) and a linked Google account, Niantic (the game’s developer) gets complete access to anything and everything attached to said account. While the game has skyrocketed to the top of the download charts and driven Nintendo’s stock price through the roof, issues like this could sharply curtail its upward growth.

As detailed by Adam Reeve, who found the flaw, this means that Pokémon Go can read all of your email, send email directly from your account, access and delete all Google Drive documents, access your search history, access your maps and navigation history, and access any photos you might have stored on Google Photos. Presumably it can also post on your behalf to Google Plus and access information stored in any other shared Google service.

NotHelpfulPokemon

As of this writing, the app only offers two options for signing up for an account — either you go through Google, or you can use Pokemon.com. Unfortunately, the sign-up function for Pokemon.com is currently disabled, so it’s Google or nothing.

If you’ve already signed up for a Pokémon Go account you can visit this account page to remove the application’s full permissions and lock your information up again. That won’t erase any information Niantic may have pulled from your account in the meantime, but it will prevent the application from making further changes.

It’s not clear yet if making these changes will impact whether or not the game runs properly. Some users have reported that they had to reinstall the game after removing account permissions, while others have had no issues. While the issue is supposed to be limited to iOS users, we would recommend that Android users check this as well — the privacy cost of leaving your entire account open to a third-party developer is significant. The problem doesn’t appear to strike 100% of iOS users, but there’s no information yet on which Google accounts request total access and which do not.

Niantic has not responded to requests for comment, save to note that it had no comment to share. Pokémon Go is largely built on Niantic’s previous title Ingress, which made significant use of real-world location data, but nothing either game does would justify or require total access to one’s Google account.

About Skype

Check Also

, Small is big again: Apple announces 4-inch iPhone SE, #Bizwhiznetwork.com Innovation ΛI

Small is big again: Apple announces 4-inch iPhone SE

One of the major trends in phone design across both Android and iOS has been …

Leave a Reply

Your email address will not be published. Required fields are marked *

Bizwhiznetwork Consultation