Yesterday, the permissions agreement that users of Pokémon Go must agree to before playing were roundly and heavily scrutinized. At the center of the concerns is the "full access permissions" Pokémon Go requests, which Adam Reeve of Red Owl Analytics wrote would give the game's developer Niantic total access and control over your Google account. (As Gizmodo notes, Reeve has walked back on this claim, and cybersecurity experts have disputed it.)
Today, Niantic issued a statement to Polygon saying that the game's request for full access permission to iOS users was a coding mistake. Read in full below:
We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go's permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.