Pokémon, Whoa

The game Pokémon GO is an overnight sensation; it has also raised some security concerns about what personal information it might access.

  • Published 11 July 2016

The Pokémon GO app has taken over popular culture since its July 2016 release.  The augmented reality game has already unleashed hordes of people in public places (you have to walk around to move your avatar), spawned several news stories and generated a few myths in the process.

The game is free to download and play, although it does support in-app purchases.  However, the app also does ask for extensive permissions, which according to some accounts potentially gives it access to data it doesn’t need or shouldn’t have. (It should be noted that although an app may ask for permission to access various sources of information, that doesn’t mean the app is actually obtaining that data or using it for inappropriate reasons.)

The app’s privacy policy has also received criticism for being vague (especially about the matter of Google profile information). Niantic, the company that developed the game (as well as the popular Ingress), says they’re looking into the issue and will fix it soon

We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.

As it stands, the app currently takes “Full Account Access” for Google; this can be avoided by opening a fresh account specifically for Pokémon GO:

When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf).

Certain Google applications may be listed under full account access. For example, you might see that the Google Maps application you downloaded for your iPhone has full account access.

This “Full account access” privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet.

This access can be revoked via your Google Security page at any time.  

Since 1994
A Word to Our Loyal Readers

Support Snopes and make a difference for readers everywhere.

  • David Mikkelson
  • Doreen Marchionni
  • David Emery
  • Bond Huberman
  • Jordan Liles
  • Alex Kasprak
  • Dan Evon
  • Dan MacGuill
  • Bethania Palma
  • Liz Donaldson
  • Vinny Green
  • Ryan Miller
  • Chris Reilly
  • Chad Ort
  • Elyssa Young

Most Snopes assignments begin when readers ask us, “Is this true?” Those tips launch our fact-checkers on sprints across a vast range of political, scientific, legal, historical, and visual information. We investigate as thoroughly and quickly as possible and relay what we learn. Then another question arrives, and the race starts again.

We do this work every day at no cost to you, but it is far from free to produce, and we cannot afford to slow down. To ensure Snopes endures — and grows to serve more readers — we need a different kind of tip: We need your financial support.

Support Snopes so we continue to pursue the facts — for you and anyone searching for answers.

Team Snopes