A little privacy, please?#PokemonGO pic.twitter.com/7eqPmstl90— ENTJ Probs (@entj_probs) July 10, 2016
Now that the world and your social media feed has been overtaken with Pokemon Go news, it should probably be noted that while the app is the number one free download in the Apple App Store, iPhone users should beware of a major privacy issue relating to your Google accounts. As Ars Technica reports, the iOS version of the app doesn't ask permission before giving itself full account access to your Google contacts, and it can also view and send e-mail, view and delete Google Drive documents, and more. The Android version doesn't seem to have the same issue, but if you want to check and see, and revoke these permissions, go to this security page while logged into your Google/Gmail account.
Niantic Inc., creators of the app and originally an internal Google startup called Niantic Labs, has not commented on the issue thus far, and it's likely to be addressed in an upcoming release though current users are going to want to go and hit the remove button like so:
TechCrunch credits RedOwl's Adam Reeve for pointing out the flaw shortly after the app's launch, and it's curious that it hasn't been addressed though to be fair, Niantic has a ton of other fires to put out following the augmented-reality game's positively crazy popularity over the past five days. As Wired UK reports, Android users are subject to a malicious version of the app that allows backdoors that could give hackers total control over a user's phone, plus the app is causing major battery drain for many users, and it's been subject to server outages because (likely Google Cloud) servers can't handle the volume prompting taunts from Amazon Web Services, their competitor, as Business Insider reports.
As for the iOS security problem, Google itself warns users that such "full account access" should only be granted to only the most trusted applications.
When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf).
This “Full account access” privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet.
So, in other words, if you really can't stop playing and "catching them all" before the next release, you may want to at least check up on your Google account right now.
Update: Gawker's Black Bag blog has another piece detailing the concerning language you agree to when you download the app, which includes phrases like, "We may disclose any information about you (or your authorized child) that is in our possession or control to government or law enforcement officials or private parties."