iOS version of Pokémon Go is a possible privacy trainwreck

If you sign into Pokémon Go on iOS, you may be giving it more access than it needs. (credit: Andrew Cunningham)

A word of warning if you’re playing Pokémon Go on iOS: signing into the app through Google currently gives the game full access to your Google account (hat tip to Adam Reeve for discovering the issue). External apps that you sign into with Google often ask for a small subset of permissions based on what they need to do—view your contacts, view and send e-mail, view and delete Google Drive documents, and so on. But Niantic’s Pokémon Go iOS app doesn’t ask, and with full account access, it can theoretically do all of those things and more. You can check on and revoke permissions for Pokémon Go and any other external app on this page.

We’ve independently verified that the game requests full account access on iOS, but the Android version doesn’t appear to have the same problem; you can sign in with Google but the app doesn’t show up on the permissions page. And, of course, you don’t need to use a Google account to play Pokémon Go—an account created through the Pokémon site will also work. However, that site is currently having server problems and you may not be able to create an account right now if you don’t already have one.

Creating a Pokémon account is one option, but the site is having problems right now. (credit: Andrew Cunningham)

It’s very likely that this is an oversight or an error rather than an intentional, malicious move on Niantic’s part, but we’ve contacted the company for more information and will update the article if we receive a response. (Update: "No comment to share at the moment.") Hopefully an app update can resolve the privacy and security issues.