No, Pokémon Go ISN’T reading your emails OR hijacking your Gmail account
If you’ve already read our Pokémon Go guides, you’re probably knee-deep in Rattatas and well on your way to becoming a Pokémon master – but yesterday there was just one problem.
Several websites reported that the iOS version of
Several websites reported that the iOS version ofPokémon Go had full access to your Gmail account when you logged in with a Google ID. If that was true, it meant the app potentially had access to your Photos and other content. Worse still, it meant that if Pokémon Go was hacked in the future, criminals could have access to all your data. Understandably, that had a lot of people worried, but now it seems it was just a false alarm.
If you’re using Pokémon Go on iOS you can take a look at your Google security permissions with this link, and although it says the app has “Full Access”, that’s a bit misleading. Niantic, the maker of Pokémon Go, has confirmed that the app wasn’t reading our emails after all, and released the following statement:
“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.
Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic.”
So why the Full Access message?
So why does Pokémon Go appear to want to get hold of our entire Google account – even though it’s not using it? Slack security dev Ari Rubinstein tested the OAuth token used by Pokémon Go, and found it was using an out-of-date API. According to Rubinstein, that out-of-date API is throwing Google off, and making it display the incorrect “Full Access” message.
Niantic says: “Google will soon reduce Pokémon Go‘s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”
So to recap: you won’t need to cut your Pokémon journey short, and there are no Pokémon reading your emails.