Both companies have pronounced themselves about the apparent security leak for iOS users.
Last night, software Architect Adam Reeve started an outcry when he noticed a little detail in Pokémon Go’s Release permissions, as they list “Has full access to your Google Account”, which can be recognised as the same level in which Google Chrome and Gmail rests. Oops?
Many players rapidly opted to erase the app or open Pokémon Trainer Club accounts for the time being — it was unlikely Niantic, let alone Nintendo were intending of using the info for malicious purposes, and many speculated it would have been just an oversight anyway, considering it only affected iOS users.
Yet, it was a serious security matter, as people worried about the integrity of their email accounts and other sensitive information. Not wanting the misunderstanding to reach unneeded spread, Google quickly stated to Gizmodo:
“In this case, we checked that the Full account access permission refers to most of the My account settings. Specific actions such as sending emails, modifying folders, etc, require explicit permissions to that service (the permission will say ‘Has access to Gmail’) .”
Confirming that, unless the permission explicitly list apps like Gmail, their functions and information will be out of reach to Pokémon Go. Niantic, in taking responsibility for their oversight, replied to Kotaku:
“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.”
“Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokemon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”
So, in the end, nothing out of the ordinary. For an app sitting atop the iOS App Store charts since its release and adding billions to Nintendo’s market share in a less-than-a-week-old beta, it would be weird to not see this sort of inconveniences it be dealt with at lightspeed.
Now, we only need to see how do they deal with the server overload and the Pokémon Go Plus resellers (god help us preventing another Amiibo-like fiasco).