Pokémon Go players who have logged in to the game using their Google account may have given the app permission to go through all of their Google data, including emails and website history.
The permission error, which one software architect puts down to “epic carelessness” at the company, basically grants the app and its developer full access to your entire Google account. This includes, but is not limited to, Gmail data, website search history, photographs, map history, and documents.
“This is probably just the result of epic carelessness,” expressed software architect Adam Reeve. “But I don’t know anything about [developer] Niantic’s security policies. I don’t know how well they will guard this awesome new power they’ve granted themselves, and frankly I don’t trust them at all.”
“It seems to have been done by mistake,” claimed mobile security expert Domingo Guerra. “Once you grant access you never know what a third party can do with your account… I’m pretty sure it’s going to get fixed pretty quickly, but it’s not worth the risk.”
Pokémon Go has caused concerns since its US release last Thursday after police announced that the mobile game was being used by criminals to lure, target, follow, and then rob unsuspecting victims in quiet but Pokémon rife areas. One user, a nineteen-year-old girl, even found a dead body after she climbed a fence in an attempt to catch a wild Pokémon.
If you have logged in to Pokémon Go using your Google account, follow the instructions here to remove full account access and permissions to the developer.