This probably isn’t what Nintendo Ltd. had in mind when its marketing wizards created Pokémon’s slogan, “Gotta catch ’em all.”

The celebrated video game developer and publisher, which has risen in market value by $9 billion USD since releasing Pokémon Go, the smartphone-based, augmented reality take on its popular franchise, found itself in hot water this week over concerns the game might allow its developer, former Google subsidiary Niantic Inc., to collect all of a player’s Google account data.

The controversy began when New York City-based mobile systems architect Adam Reeve posted on his Tumblr that the game was forcing players to give it “full access” to their Google accounts.

“Let me be clear – Pokemon Go and Niantic can now: read all your email; send email as you; access all your Google drive documents (including deleting them); look at your search history and your Maps navigation history; access any private photos you may store in Google Photos; and a whole lot more,” Reeve wrote on July 8.

As the article gained traction, Niantic itself released a statement assuring users that the company was not, in fact, capturing all of their information with the zeal of a Pokémon trainer hunting Mewtwo:

Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address),” Niantic said, according to Gawker-owned technology blog Gizmodo. “Google has verified that no other information has been received or accessed by Pokémon Go or Niantic.”

While Reeve himself later backed down on his claims in an interview with Gizmodo (and on his own Tumblr), mobile games such as Pokémon Go still represent a potential security risk for companies that use Google as their e-mail server, or whose employees log into the games using their company accounts.

(That Niantic itself is led by a former CIA employee also appears to have been largely unexplored.)

Fortunately, ensuring a mobile game has minimal access to your Google account information requires only three steps:

  1. Head to your Google security page and look for Pokémon Go (or whichever game you’re concerned about).
  2. Select the game’s title and click “Remove” to revoke full access.
  3. Launch the game on your device to confirm it still works.

While it briefly appeared to present a security risk for its players (and was, in the depressing case of at least nine robbery victims), Pokémon Go has provided players and companies alike with a number of benefits too: it accidentally appears to be one of the most effective fitness apps on the market, and several of the real-life businesses that it’s sent players to have seen a revenue boost.

The game isn’t officially available in Canada yet, though many people are downloading it anyway by changing some of the regional settings on their smartphones.

Share on LinkedIn Share with Google+
More Articles

  • So now we can play freely? Just kidding. It’s good to know all the aspects when it comes to security.