Adam Reeve, the security expert said the game need an account to play, and you get the choice to create an account from Pokemon.com website or by connecting your Google Account. According to Adam Reeve, he said in one of his tweets that Pokemon Go is a “Malware” and a “Huge security risk”
— Adam Reeve (@adamreeve) July 9, 2016 Adam Reeve said Pokemon Go players have actually endangered themselves to security risks by signing up with their google account. Pokemon.com website is rejecting new sign-ups at the moment, so people are forced to use their Google account to sign-up. According to Adam Reeve, when you install the game you need to enter the Google account, then you are redirected to login. Usually, we used to see apps or games asking for permissions like “View your basic profile information”, “can view your contacts” etc. However, Researcher Adam Reeve was “stunned” when he came to know that Pokemon Go grants itself “Full account access” to his account. According to Google support page if you grant any app the “Full account access” it can: According to Adam Reeve, Pokemon Go developed by Niantic can now:
Read all your email. Send email on your behalf. Access your Google Drive documents (including deleting them). Look at your search history as well as Maps navigation history. Access your private photos stored in Google Photos. And a whole lot more.
Even though Pokemon Go might not be planning to conduct a heavy data theft, But we are now watching lots of security breaches and this type of permissions can be dangerous. We often see leaked data ended up in the wrong hands of hackers to access accounts. In Reply Niantic said they have been actively working to fix the permissions issue “We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account” Niantic also said, “Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access.” For Gamers who already granted permissions can revoke Pokémon GO’s full account access to their Google account here’s what they can do:
Go to Google Account Permission Page and there look for Pokemon Go Select Pokemon Go and then click “Remove” to revoke full account access.