Just in case you live under a rock, Pokémon Go has been the trending topic the last few days, simply because it has surpassed the consumer base of allegedly “bigger” companies.
And more than that, simply because its Pokémon! Maybe our dear Jim is not a big fan of the series, but I personally was when I was younger.
Been one of the few games that uses Augmented Reality or (AR) to play and that alone is a huge progress. The team behind the GO part of it, is no other than Niantic, the team that brought to us INGRESS.
Thus far everything sound great about the game, but recently, something really disturbing has happened.
When you first open the app, as in every other app out there, you need to log in with credentials. Within the app there’s just two options, or accessing through a Pokémon account (which is impossible if you don’t have one already) or with Google’s.
When you use the Google account (which is what we all probably do on Android phones) the app generally show a pop up widget after letting you know which features will be accessing. But when you do this on iOS “nothing happens“.
The blogger Adam Reeve, found behavior rather weird and went to his Google page to see what he had given access to. The answer make all his alarms to ring off:
Pokemon Go has Full Access to your Google account
When you grant “full access” to an app, it can see and modify practically all information on your Google account. For you to have an idea, this is what the Google security page say:
- Read all your email
- Send email as you
- Access all your Google drive documents (including deleting them)
- Look at your search history and your Maps navigation history
- Access any private photos you may store in Google Photos
This is something that shouldn’t happen as what an app would need to use in the case you forgot your password or something is, in ay case your name and email address.
Apparently this is not consistent across the APK, as has happened just to some iOS or Android users. But if you want to see if you’re one of them you can do it HERE
Apparently, Niantic has acknowledge the case and made a statement about the incident:
We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your user ID and e-mail address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google account information, in line with the data we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.
So, although it seems to be nothing to worry about, it would be better if you keep an eye on your Pokémon Go access ’till everything is settled down.
Also remember that, apart from this issue, there’s a ton of fake apps that carry a malware which would harm your device.
If you don’t live in a country where is fully available at the moment find a secure and known source to get the APK from.