Pokémon Go: We didn’t mean to intrude on people’s privacy by reading Gmail messages, developers say

The app got full permissions to people’s Google account, giving them free rein over the information in them, but it didn’t mean to

Andrew Griffin
Tuesday 12 July 2016 14:18 BST
Comments
(Reuters)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Pokémon Go had full access to everyone’s Google accounts – but developers have said it happened by accident.

Controversy erupted yesterday over the apparently huge amounts of data that developers Niantic were giving themselves when users signed up to play the game.

Registering to play Pokémon Go requires users to sign up with their Google account, which also contains Gmail messages and Google Drive documents. When users go through that process, they appear to hand over access to all of those files – apparently without ever knowing.

But developers Niantic said that they haven’t accessed any data other than “basic profile information”. It also said that it is working on a solution so that all of those permissions can be reduced and the game will be safer and less invasive.

Many had suggested when the news broke that the invasion of privacy had happened by accident and that the company didn’t seem likely to actually use its access. But it still represented a security concern since any hacker that broke into Niantic’s systems would be able to use the permissions to take over a users’ digital lives.

The company said that the problem would be fixed automatically, and that users didn’t have to do anything.

“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account,” the full statement read. “However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.

“Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic.

“Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”

Pokémon Go players can find out whether they’ve had their Google accounts signed up by heading to Google’s specific page for permissions.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in