Pokemon Go maker issues fix for embarrassing privacy gaffe
Pokemon Go maker Niantic has apologised for a privacy security gaffe that gave it full access to Google Apps used by an iPhone owner, including the ability to read email, or send email on a user's behalf – and a whole lot more.
The company says Google will soon "reduce Pokemon Go’s permission" to only the limited information it needs to access for playability [UPDATE: Niantic has now released Pokemon Go 1.1, an update for the iOS version of the game which it says fixes the privacy and security issue with Google apps].
It says it was the result of a programming blunder, not an attempt to tap users' personal information – and that it never took advantage of its ability to read gain full access to Google Apps and their data.
The firm says in a statement: "We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user's Google account.
"However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.
"Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access.'
Niantic was founded as a fully-owned Google "internal startup" in 2010. In October 2015 it was spun off. Google, Nintendo and various venture capital companies hold stakes in the spun-off company.