Privacy aficionados might want to stop hunting Pokemon

Jul 11, 2016 23:10 GMT  ·  By

Pokemon-mania has taken over the world once again, years after the TV show had ended, and this time, it's because of the recently debuted Pokemon Go mobile game released for Android and iOS last week.

While the game is on a limited and very slow release, millions of people are already playing it, and even more want to but currently can't.

One of those who had the "privilege" of installing the game was Adam Reeve, who noticed something strange during the sign-up process.

Pokemon Go doesn't prompt some iOS users for permissions during sign-up

In its current form, users that want to play the game have to sign up for the app. Unfortunately, the app doesn't allow users to create accounts but asks them to log in using their pokemon.com or Google accounts.

Because the pokemon.com website has disabled registrations, possibly due to the very large number of users flooding their servers, the only viable method for a new user to play the game is to use their Google account.

During the sign-up process, Adam noticed something strange. While authenticating the app with his Google account, he didn't see the intermediary screen, which Google usually shows detailing what type of data from the user's Google account the app can access.

Pokemon Go gives itself full account access

After authenticating the app, regardless of the missing screen, Adam visited the "Apps connected to your account" page, where Google lists what type of data each app can access as far as your account is concerned.

To his immense surprise, the app had automatically received full access to his account, even if he was never prompted for such an intrusive setting.

And by full access, Google really gives an app full access. This includes the ability to read the content of emails, send emails in your name, access private Google Drive or Google Photos files, view Maps or Search history, and a whole bunch more.

"Now, I obviously don’t think Niantic [Pokemon Go developers] are planning some global personal information heist," Adam writes on his Tumblr. "This is probably just the result of epic carelessness."

This behavior seems to be limited only for some iOS devices (not all) and does not affect Android users. Nevertheless, iOS users should visit this page and see what permissions they've granted the app, and if they're not comfortable, they should just uninstall it.