Pokémon Go: We didn’t mean to intrude on people’s privacy by reading Gmail messages, developers say

The app got full permissions to people’s Google accounts, giving it free rein over the information in them, but the developers say that was not intended

Andrew Griffin
Tuesday 12 July 2016 14:18

Pokémon Go had full access to everyone’s Google accounts – but developers have said it happened by accident.

Controversy erupted yesterday over the apparently huge amounts of data that developers Niantic were giving themselves when users signed up to play the game.

Registering to play Pokémon Go requires users to sign up with their Google account, which also contains Gmail messages and Google Drive documents. When users go through that process, they appear to hand over access to all of those files – apparently without ever knowing.

But developers Niantic said that it hasn’t accessed any data other than “basic profile information”. It also said that it is working on a solution so that all of those permissions can be reduced and the game will be safer and less invasive.

Many had suggested when the news broke that the invasion of privacy had happened by accident and that the company didn’t seem likely to actually use its access. But it still represented a security concern, since any hacker who broke into Niantic’s systems would be able to use the permissions to take over users’ digital lives.

The company said that the problem would be fixed automatically, and that users didn’t have to do anything.

“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account,” the full statement read. “However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.

“Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic.

“Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”

Pokémon Go players can find out whether they’ve had their Google accounts signed up by heading to Google’s specific page for permissions.
