Skip to main content

Don't panic, Pokemon Go isn't stealing your Google mail

UPDATE

A blog post (opens in new tab) from software architect Adam Reeve last night stated that Pokemon Go (opens in new tab)'s Google account settings gives Niantic full access to your emails and documents. This is actually not the case, while Pokemon Go is using Google's 'full account access,' this doesn't actually grant anyone these specific permissions. 

In a statement given to Gizmodo (opens in new tab) on the matter, Google says "In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say 'Has access to Gmail') ." This basically means that you can sleep easy and Niantic isn't paddling about in your Google docs and mail. However, the team is dialling back the access just to basic, as that's all it was always using. 

Here's the full statement given to Kotaku (opens in new tab) from Niantic: 

"We recently discovered that the Pokemon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokemon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected."

"Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokemon GO’s permission to only the basic profile data that Pokemon GO needs, and users do not need to take any actions themselves." 

So don't worry, carry on training, people. 

If you're just starting out, here's some Pokemon Go tips (opens in new tab), find out what it's like to live in a house that's also a Pokemon Gym (opens in new tab) and read how the future of Pokemon Go means we'll be trading with friends soon (opens in new tab). Plus, here's why your local landmarks are Pokestops in the game (opens in new tab)

ORIGINAL

Pokemon Go has quickly taken over the lives and towns of countless players (opens in new tab) since it started rolling out last week, but it could also literally take over your digital life. Multiple players, including myself, have discovered that signing into the game on iOS via Google grants Pokemon Go full access to your account.

Software architect Adam Reeve was the first I saw to publicly cry foul about the issue in an informative blog post (opens in new tab). The problem isn't that Pokemon Go can use your Google Account to sign in - it makes sense, since it uses a lot of Google technology - the problem is that it automatically gives itself way more access to your Google Account than it should ever need. Here's the description of what giving an app something full account access does from a Google support page (opens in new tab): "When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf)."

The issue seems to be limited to people who play the game on iOS, and not everyone's account has been affected. You can check yours on Google's account security page (opens in new tab) - if you see "Pokemon Go Release" listed and it "Has full access to your Google Account", you can revoke it right from there. But if you ever sign out from the game and log back in, it will get full access again. You could avoid the issue by signing in with a Pokemon Trainer Club account (opens in new tab) from Nintendo, but the club is limiting new sign-ups at the moment because of high traffic.

It's doubtful that developer Niantic Labs intends to do anything malicious with all this access. It was probably just an oversight. But intentions aside, if any malicious folks hack their way in from the outside, they could get an unparalleled level of access to your sensitive information. You can decide how serious the problem is for yourself, but I'm going to bid farewell to my menagerie of GPS monsters until Niantic fixes this.

Seen something newsworthy? Tell us!

GamesRadar+ was first founded in 1999, and since then has been dedicated to delivering video game-related news, reviews, previews, features, and more. Since late 2014, the website has been the online home of Total Film, SFX, Edge, and PLAY magazines, with comics site Newsarama joining the fold in 2020. Our aim as the global GamesRadar Staff team is to take you closer to the games, movies, TV shows, and comics that you love. We want to upgrade your downtime, and help you make the most of your time, money, and skills. We always aim to entertain, inform, and inspire through our mix of content - which includes news, reviews, features, tips, buying guides, and videos.