Pokemon Go maker: Coding error gave company access to your emails

Here’s what playing Pokémon Go is like

The makers of Pokemon Go — the insanely popular smartphone game — were forced to make emergency fixes to the game because the app gave the company an unprecedented level of access into players’ personal lives.

For some users with iPhones, signing into the game with the most convenient option — using your Google account — allows the gaming company to read your emails.

That’s because the Pokemon Go app gets “full access” to your Google account. It’s something most apps don’t dare demand.

Google settings state that “full access” means Pokemon Go “can see and modify nearly all information in your Google Account.”

That includes access to email, according to Google.

pokemon go email access

Niantic, the game’s developer, acknowledged the coding “error” on Monday.

In a statement late Monday night, the company said it sought only minimal information — a person’s unique player ID and email address. But “the Pokemon Go account creation process on iOS erroneously requests full access.”

Niantic promised it will not use this supreme access of personal information and said it has started working on a fix to reduce the user permission needed to play the game.

“Google will soon reduce Pokemon Go’s permission to only the basic profile data that Pokemon Go needs,” the company said.

Niantic was forced to admit its mistakes on Monday after computer security experts realized that the video game gets a rare level of access to your Google account.

Adam Reeve, a computer security expert at the cybersecurity firm RedOwl, was the first to discover this.

“This is probably just the result of epic carelessness,” Reeve wrote in a blog post Monday. “I don’t know how well they will guard this awesome new power they’ve granted themselves… I really wish I could play, it looks like great fun, but there’s no way it’s worth the risk.”

Related: Pokemon Go craze sends Nintendo stock soaring

Google settings even warn users against granting this degree of trust on its settings page: “This ‘full account access’ privilege should only be granted to applications you fully trust.”

Nintendo of America, which owns the Pokemon brand, refused to comment via an outside corporate representative, Andrew Karl.

“A game shouldn’t require this amount of access to your data,” said Mark Nunnikhoven, a computer security expert with cybersecurity firm Trend Micro.

Related: Pokemon Go leads teen to dead body

Since the game was released last Thursday, it has been downloaded on Android and Apple devices more than 5 million times.

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.
Recommended article from FiveFilters.org: Most Labour MPs in the UK Are Revolting.

Latest financial news – CNNMoney.com