Categories: News

No, Pokemon GO isn’t hacking your Google account

While Pokemon GO has slowly begun to take over the world, some players have had a knee-jerk reaction to the Google sign-up process for the game. It was believed that by signing into Pokemon GO via Google on iOS (specifically), you were handing over access to your entire Google account to Niantic.

Essentially, the fear was that anyone that had access to Niantic's servers, whether it be a Niantic employee or hacker, would be able to "see and modify nearly all information in your Google account." Making them able to read and access all your email, Google drive docs, search history, private Google Photos and more.

Niantic has released a response to Engadget over the situation, clearly stating that Pokemon GO only access "basic Google profile information" like your User ID and email address.

We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go's permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.

Additionally, Ari Rubinstein, a Slack security dev, tested out the authorization token that Pokemon GO uses to access your information and found that an out-of-date API is causing Google to request users give them "full access" to their accounts. You can read a full report for Rubinstein here.

It turns out that Pokemon GO does not have permission to access things like your email or calendar. It was simply an out of date API, which could have come from Niantic's other mobile game Ingress. Both game use similar features, so the two games could have shared some code – which could account for an out-of-date API or someone forgot to update the code after testing.

TL;DR: Pokemon GO isn't going into your emails and reading them.

Tatiana Morris

I work here, so at least I've got that going for me. Catch me on Twitter @TatiMo_GZ

Share
Published by
Tatiana Morris
Tags: Pokemon

Recent Posts

Review: Hitman 3 is the peak of the trilogy

To kick off 2021, we have a glorious return to one of the best franchises…

4 years ago

Hogwarts Legacy has been delayed to 2022

Last summer, we got our first official look at Hogwarts Legacy. The RPG set in…

4 years ago

EA to continue making Star Wars games after deal expires

Today, it was revealed that Ubisoft would be helming a brand-new Star Wars game. The…

4 years ago

PS5 Exclusive Returnal talks combat, Glorious Sci-Fi frenzy ensues

Housemarque shared lots of new details about their upcoming PS5 game Returnal. Today, we learn…

4 years ago

Lucasfilm Games confirms Open-World Star Wars handled by Ubisoft

Huge news concerning the future of Star Wars games just broke out. Newly revived Lucasfilm…

4 years ago

GTA 5 actors recreate iconic scene in real life

GTA 5 is probably the biggest game of all-time. It has sold over 135 million…

4 years ago