If you are currently playing the mobile app game Pokemon GO, like countless individuals are right now, your Google account may be accessible by Niantic, the app’s developers.
Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.”
There are several reports that the app’s accessibility is largely a problem for iOS users’ Google accounts – there was an error in the permissions settings for the app, which gave it read and write privileges to pretty much all aspects of the user’s Google account. This means that these users’ e-mails, contacts, search history, and more features implemented with Google could theoretically be viewed by Niantic. Most of the time upon downloading an app, the user will be prompted with a statement that describes what the app has access to, but this is not the case for GO users.
It’s hard to believe that the developers behind Pokemon GO would use this power maliciously, but for those who are not comfortable with this level of security risk, (as anyone rightly would be) there is an easy solution to the problem, and the setting that grants access to the Google account can be changed by going to your Google account settings and changing security settings (link will take you there).
Additionally, if you are able to create a Pokemon Trainer Club account, this will further resolve the issue.
