Pokémon Go is a serious threat to user’s Google account

The recently released Pokémon Go (released on July 6th, 2016), is the latest sensation amongst the video game players. Gamers across the US are downloading the game. However, this free-to-play and augmented reality mobile game is causing a serious threat to Google account used for logging into the game. It is so happening because Pokémon Go game is taking over the full access of the user’s Google account.

What is the Pokémon Go game all about?


Pokémon Go is a GPS based augmented reality game developed by Niantic for iOS and Android mobiles devices. The game allows the user to run around the town and capture Pokémon. The game itself is free, but players can do in-app purchases for various Pokémon accessories and weapons.

Once a user downloads the game on his Android or iOS device, he can log into the game using Pokémon Trainer Club account or Google account. However, many users could not create any Pokémon Trainer Club account as the servers were down. Besides, it is not possible to create these accounts for Pokémon Go through the app. Due to this; many people used their Google accounts for signing into the game. Now, this is where the problem starts.

Generally, when any app wants to access your Google account, it typically asks you for the permission to access your information related to Google account. This includes your location, your contacts, your photos and sometimes your browsing history. However, Pokémon Go game seems to go beyond these permissions as it does not show the access permission screen after the users log-in.

Says Adam Reeve, Pokemon Go and Niantic can now:

  • Read all your email
  • Send email in your name
  • Access all your Google Drive document
  • Look at your search history and your Maps navigation history
  • Access any private photos you may store in Google Photos.

Niantic’s take on Pokémon Go game’s access permissions

Niantic has released a statement claiming the permissions request was in error. Their official statement says,

“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your user ID and e-mail address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google account information, in line with the data we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”

Fix the issue

If you have also downloaded the game and can’t wait for the makers of the game to release an update for the game; then here’s a fix. You can revoke the extensive permissions to your Google account using the Google Security Page.

From the number of apps connected to your account, select Pokémon Go and then click “Remove” to revoke full access. Launch the game on your device and confirm it still works.

Niantic has addressed the issue and is working on a fix.

Posted by with Tags
Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 + 9 =