Amid revelations that the popular Pokémon Go game for iPhone offers universal access to Google accounts, Google and Niantic have said that user emails and other sensitive data are not being harvested, and that a pair of fixes are incoming.
Early Monday, analytics firm architect Adam Reeve claimed that installing Pokémon Go and using a Google account to play the game granted full access to linked accounts on both Android and iOS, without informing the user. Apps with universal permissions, according to Google Play, "can see and modify nearly all information in your Google Account" but "can't change your password, delete your account, or pay with Google Wallet on your behalf."
The Google Play store is more transparent than the iOS App Store is for this title regarding what the app can access. On the Pokémon Go page, the title is listed as having "full network access" and access to "accounts on the device."
Practically, full account access could allow developer Niantic the ability to peruse emails, send emails on behalf of the user, contacts, photos, and any other information stored by a Google account. Simple work-arounds exist, such as creating a Pokémon Account when the servers recover, revoking full permission from the title which has caused crashing of the game, or using a temporary throw-away account to play.
"Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected," Niantic said in a statement.
As a response, Niantic is implementing a client-side fix for Pokémon Go to request permission for only basic Google profile information, corresponding to what the company claims that it is accessing. Niantic also notes that partner Google will soon reduce access permission to only basic data from the server-side as well. No timetable for either fix has been announced.
Pokémon Gowas developed as a joint effort between Niantic and Nintendo, and first launched on iPhone last week. The title continues to hold the top spots on the iOS charts. The game is said to be generating between $3.9 million and $4.8 million per day worldwide.
Apple is even said to be earning more from iOS players than Nintendo is collecting directly, as part of a complex business arrangement involving the Pokémon intellectual property.
15 Comments
Bullshit.
All the data they wanted has been collected already during this massive rollout. This "fix" is a ruse, and will shade them from scrutiny.
Funny how so many blogs reported this as an iOS issue, and not a Niantic issue.
"The Google Play store is more transparent than the iOS App Store is for this title regarding what the app can access." True and misleading. For Android you need to live with the access to the data an app has. Its either install or don't install. On iOS the user controls what access an app may have.
It's moot in this particular case as the iOS app explicitly asks for your Google username and password.
Niantic have released this statement