The makers of the widely popular smartphone app, Pokemon Go, had to make emergency fixes because the app gave the company an unprecedented level of access into users’ personal lives.
For some users with iPhones who signed in using their Google account, the app would require “full access” which would allow the gaming company to read users’ emails.
Google settings state that “full access” means Pokemon Go “can see and modify nearly all information in your Google Account.”
Niantic, the game’s developer, acknowledged the coding “error” on Monday. In a statement late Monday night, the company said it only wanted minimal information — a person’s unique player ID and email address. However, “the Pokemon Go account creation process on iOS erroneosly requests full access.”
Niantic promised it will would not use the full access of personal information and has begun work on a fix to reduce the permission needed to play the game.
“Google will soon reduce Pokemon Go’s permission to only the basic profile data that Pokemon Go needs,” the company said.
Niantic was forced to admit the error after security experts realized the app requires such unprecedented access to a user’s Google Account.
Adam Reeve, a computer security expert, at the cybersecurity firm RedOwl, was the first to discover the error. “This is probably just the result of epic carelessness,” Reeve said in a blog post on Monday. “I don’t know how well they will guard this awesome new power they’ve granted themselves… I really wish I could play, it looks like great fun, but there’s no way it’s worth the risk.
Google settings warns users against granting this level of access on its settings page, “This ‘full account access,” privilege should on be granted to applications you fully trust.”