While we’ve all been so focussed on trying to catch ‘em all, it seems we’ve left our Google accounts out in the open.
If you logged into Pokémon Go through your Google account on an iPhone, then you may have given ‘full access’ to your account.
Users have reported that the ‘full access’ given includes reading emails, location history and more.
Google has stated:
"When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf).
Certain Google applications may be listed under full account access. For example, you might see that the Google Maps application you downloaded for your iPhone has full account access."
Okay, so we get the maps access since the game uses GPS tracking to work out which Pokémon might be hiding in the bushes nearby you. But what’s with the email access?
The ‘full access’ permission hasn’t been as common with Androids, however, it has varied across different iOS users, so double check!
Google has since acknowledged the privacy concerns and are working on tightening the app's access:
"We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go's permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.