Pokémon Go has more access to your private details than ever!

While the release of Pokémon Go has made the world go crazy for the game, there are also some negative aspects of the game too.  A recent revelation by the security researcher  highlighted that Pokémon Go can read and send emails if you access it through your Google account.

A shocking discovery about the game may upset many of its players. Pokémon Go now has more users than Tinder, and single-handedly increased Nintendo’s market cap by great numbers.  The most-in-demand Niantic gameplay too has some drawbacks. If a user wants to play Pokémon Go, he has to log in with an account. The developers suggest two ways for it.

  1. Create a user name on the Pokémon Trainer Club.
  2. Enter the game via your existing Google account.

Reports say that initially, it became almost next to impossible to create a Pokémon Trainer account. Thus Google log in took the front seat. Although the Google account login is the easiest and widely accepted way of gaming here, it is not the safest one.

The trainers who play Pokemon Go through their  iOS devices  didn’t realize that by going the Google route, they were also granting the game full access to their Google accounts. In short, the reality mobile game could read their emails, access their Google Drive documents, and go through their search history, says Adam Reeves. Reeves is a former Senior Engineering Manager at Tumblr.

Here’s what Reeve claimed the app could do in his blog post:

Let me be clear – Pokémon Go and Niantic can now:

  • Read all your email
  • Send email to you
  • Access all your Google drive documents (including deleting them)
  • Look at your search history and your Maps navigation history
  • Access any private photos you may store in Google Photos
  • And a whole lot more

In a recent interview, Reeve explained he isn’t “100 percent sure” that Pokémon Go can read users’ emails. Quartz has reached out to Google to clarify what full account access entails.

Developers have the option of seeking permission to view only basic profile information. Google’s support page communicates that users should only grant ‘full ‘access to applications they “fully trust” because that setting lets apps “see and modify nearly all information in your Google account.”

Reeve further stated the game developer Niantic had “no need” for full access. He’s since deleted the game and withdrew the game’s access to his Google account.

“I really wish I could play, it looks like great fun, but there’s no way it’s worth the risk,” Reeve wrote.

UPDATE: (via Gizmodo)

Cybersecurity expert and CEO of Trail of Bits Dan Guido has a difference of opinion with Reeve’s claim. Guido says Google tech support told him “full account access” does not mean a third party can read or send or send email, access your files or anything else Reeve claimed. It means Niantic can only read biographical information like email address and phone number.

Google tech support dispatched a statement to Guido, which reads:

In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say “Has access to Gmail”)

Referring to the investigation Guido concluded: “a giant section of [Reeve’s] blog post might be wrong.”

For more updates like Pokémon Go playing tricks, cheats etc. stay tuned.