Amid all of the excitement the newly released "Pokémon Go" game has caused, reports have revealed a hidden detail in the app that may be jeopardizing users’ security.
According to The Verge, several users who sign into the app through a Google account are also unknowingly granting “broad permissions over all information linked to the account,” — which includes the ability to read and send emails as well as trace location history through Google Maps.
Making matters worse, the app doesn’t notify users upon signing in that they are allowing such invasive access.
While The Verge notes that there is no proof that the game’s developers, Niantic Labs, is using the access, it still serves as a significant privacy issue for the millions of users actively installing and using the app.
Why is such access necessary if not being used in some capacity?
The permissions can be modified through your Google account, but of course, you wouldn't think to do so if you're unaware you supplied the access in the first place.
It is likely that Pokémon Go is not the only app with this hidden detail, but considering how rapidly it has grown since its release last week, the issue has been brought to the forefront.
Internet privacy is a hot button issue as the fear of hacking and identity theft loom over the heads of Android and iPhone users who store much of their personal information on “secured” accounts.
By not notifying users upon sign-in that they are granting the app full access, the developers are relinquishing them of their right to choose what information they are sharing.
Google’s summary of permissions confirms what “full account access” entails:
“When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf).
Certain Google applications may be listed under full account access. For example, you might see that the Google Maps application you downloaded for your iPhone has full account access.
This ‘Full account access’ privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet.
If you've granted full account access to an app you don't trust or recognize, we recommend that you revoke this permission by clicking the Revoke access button.”
In short, if you don’t want your account to be vulnerable, then you’d better take a quick break from “catching ‘em all” to adjust your account settings.
Banner Photo Credit: Twitter @CNET