To play the game you need an account. Weirdly, Niantic won’t let you just create one – you need to sign in with an existing account from one of two services – the pokemon.com website or Google. Now the Pokemon site is for some reason not accepting new signups right now so if you’re not already registered there you’ll need to use a Google account – and that’s where the fun begins.
If you sign in with your Google account on your iPhone – Pokemon Go and the developer, Niantic, can now:
- Read all your email
- Send email as you
- Access all your Google drive documents (including deleting them)
- Look at your search history and your Maps navigation history
- Access any private photos you may store in Google Photos
- And a whole lot more
What’s more, given the use of email as an authentication mechanism (think “Forgot password” links) they now have a pretty good chance of gaining access to your accounts on other sites too.
You can see if Pokemon Go has full access to your Google account by checking the apps section of Google’s security settings.
Updated July 11, 2016 @ 19:25 hrs: Google to change app permissions for ‘Pokémon Go’ after security concerns