• 07.11.16

Pokémon Go has full access to your Google account, while you’re out there catching them all [UPDATE]

If you’re like nearly every person in the U.S. with a smartphone, you’re probably playing Pokémon Go right now. Despite the fun, however, the app may be a huge security risk.

Adam Reeve, who works for the security analytics company Red Owl, wrote on his personal Tumblr about an issue he noticed: When a user signs up for the game (which must be through Google), it instantly grants Niantic—the app maker—full access to the user’s Google account.

This, says Reeve, means, Niantic could send emails from you, read your emails, access your Google Drive documents, peruse your photos, go through your search history, etc. You can read more about the security issue on Reeve’s blog.

Here’s how to revoke access:

Update: Reeve has now backtracked some of his claims and Niantic probably can’t send and read personal emails. According to Gizmodo, full account access likely means that the app can “can only read biographical information like email address and phone number.”CGW