At least one security analyst says that signing up to play Pokemon Go could be putting your private personal information at risk.
Adam Reeve, an employee at security analytics firm RedOwl, points out that some iOS users have been granting the Pokemon Go app full access to their Google Accounts, which could allow strangers to read their emails and access documents.
In a post on his Tumblr blog, Reeve explains that there are currently only two ways to sign up to play Pokemon Go: with a Google account, or a Pokemon.com account. At the time he published his blog post, Reeve said Pokemon.com could not take any more applications because of widespread demand.
Reeve said when he logged in to Pokemon Go with his Google Account, he was shocked to learn that he had granted the app “full account access.” According to Reeve, that means that Pokemon Go and the app’s maker, Niantic, had access to read and send Gmails from his account, access Google Docs from his Drive, look at his search history and his navigation history from Google Maps.
On his blog, Reeve says that playing Pokemon Go isn’t worth the risk.
“Now, I obviously don’t think Niantic are planning some global personal information heist. This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies. I don’t know how well they will guard this awesome new power they’ve granted themselves, and frankly I don’t trust them at all. I’ve revoked their access to my account, and deleted the app.“
Reeve also added that Niantic was only asking for full account access from only some iOS users, but he is encourages players to check and see for themselves. You can do that here.
Alex Hider is a writer for the E.W. Scripps National Desk. Follow him on Twitter @alexhider.