What Happens To Your Google Account When You're On Pokémon GO
It's a potentially disastrous security risk.
By Tang Ruxyn — 12 Jul 2016, 10:26 AM
Gamers who have downloaded Pokémon GO to become the very best, like no one ever was, could be giving out a lot of their personal information to Nintendo and app developer Niantic Labs
Anyone who signed up for Pokémon GO with a Google account (the other option, a Pokémon.com account, is unavailable right now) has perhaps unknowingly given Nintendo and developer Niantic (formerly owned by Google, but still part of Google's investment portfolio) full account access.
That means they can see, edit, or collect just about anything related to your Google account.
Emails, photos, documents, all of your past location and search history: it can see all of this stuff, from even before you started using the app. It can also send emails as you—kind of the number one, red flag, alarm bell hacker opportunity in the digital world, aside from banking.
This was first discovered by Adam Reeve, a software architect, who described this as a "huge security risk"
The security vulnerability appears to affect players who signed up to play the game using their Google account on both Apple and Android devices.
Typically app developers use this approach to make sign-up quicker and easier for players – it uses existing credentials stored on your phone so you don’t have to create yet another online account. Usually, apps only require basic information such as your name, email, gender and location and this is explained clearly at the point of sign-up.
theguardian.com
It was noted that the Pokémon GO app does not notify users that full access is being granted when users sign up to play using their Google account.
However, Reeve wrote on his Tumblr, that it could be a mere oversight and there's no indication that developer Niantic Labs is actively using that power, but it is still a real privacy concern for users that are playing a game that is about to beat Twitter’s number of daily active users.
Here's what you can do to properly revoke the access granted:
2. Remove the access from the page if you see it.
3. Simply uninstalling the game on your phone will not revoke Pokémon GO’s extensive permissions to your Google account.
Revoking Pokemon GO’s access would mean that you won’t be able to play the game anymore but there is a way to work around it
Tech sites have suggested using a "Google Burner Account" for the game.
What this means is to create another free Google account, an entirely random one with no personal information included, to play the game.
You could keep your identity secure without any privacy concerns while playing the game.
However, there's a price to pay for this ease of mind because if you have been deeply invested in the game, you will be disappointed to find out that you are going to lose all your Pokémon and start over from scratch.