Pokémon Go has Full Access to your Gmail Account when it shouldn’t

They can read and send emails from your gmail
pokemon-go-gmail-access-full

Pokémon Go mobile game

Pokémon Go has garnered close to 10 million downloads since its launch last week and although the game hasn’t officially been released here in Singapore, there have been many local fans getting their hands on the app through various methods such as VPNs, US iTunes accounts, and unofficial Android APKs.

Apart from malicious malware that might come with unofficial APKs, there is a new security concern when players can only login using a Google or Gmail account. According to reports, some iOS installs of Pokémon Go allow the company (Niantic Labs) to gain full access to their Google accounts, allowing the app to read/send emails, as well as accessing Google Drive files, photos and videos in Google Photos, and other content in the account.

Niantic Labs has acknowledged the issue and stated Google will soon reduce the permissions to basic profile data. If you have already downloaded the game and signed-in to the game using your Gmail account, you can also revoke the full access permissions from Google Account Security page.

google-account-security-page

Removing full access from your Google Account

© 2008-2016 HOWORKS. Reproduction without explicit permission is prohibited. All rights reserved. Great Deals Singapore™ and GDS™ are trademarks of HOWORKS.