No, Pokémon Go ISN’T reading your emails OR hijacking your Gmail account

If you’ve already read our Pokémon Go guides, you’re probably knee-deep in Rattatas and well on your way to becoming a Pokémon master – but yesterday there was just one problem.

No, Pokémon Go ISN’T reading your emails OR hijacking your Gmail account

Several websites reported that the iOS version of

Pokémon Go had full access to your Gmail account when you logged in with a Google ID. If that was true, it meant the app potentially had access to your Photos and other content. Worse still, it meant that if Pokémon Go was hacked in the future, criminals could have access to all your data. Understandably, that had a lot of people worried, but now it seems it was just a false alarm.pokemon_go_3

If you’re using Pokémon Go on iOS you can take a look at your Google security permissions with this link, and although it says the app has “Full Access”, that’s a bit misleading. Niantic, the maker of Pokémon Go, has confirmed that the app wasn’t reading our emails after all, and released the following statement:

“We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.

Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic.”Pokémon Go tips and tricks

So why the Full Access message?

So why does Pokémon Go appear to want to get hold of our entire Google account – even though it’s not using it? Slack security dev Ari Rubinstein tested the OAuth token used by Pokémon Go, and found it was using an out-of-date API. According to Rubinstein, that out-of-date API is throwing Google off, and making it display the incorrect “Full Access” message.

Niantic says: “Google will soon reduce Pokémon Go‘s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”

So to recap: you won’t need to cut your Pokémon journey short, and there are no Pokémon reading your emails.

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.

Todays Highlights
How to See Google Search History
how to download photos from google photos