Pokémon Go developer Niantic has looked to calm fears it could be using the game to access highly personal Google account data.
In a recent Tumblr post from Adam Reeve -- an architect at information security outfit, RedOwl -- it emerged that iOS users who've signed up to Pokémon Go through their Google account may have inadvertently granted Niantic full account access.
What that means, according to the Google help page, is that Niantic can see and modify "nearly all information" in those affected Google accounts.
"This 'Full account access' privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet," explains the page.
Reeve was startled by his findings, but stopped short of suggesting Niantic had some ulterior motive in mind. Rather, he assumed the dev had simply slipped up somewhere down the line.
Now, Niantic has revealed that's exactly what happened, with the studio explaining to MCV that the game only actually accesses "basic Google profile information," and doesn't receive the full account access it mistakenly asks for.
"We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account,” revealed the company.
"However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.
The studio says it's working on a client-side fix that'll see the game accurately request permission for basic Google account information.
"Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves."
No tags.
