Reports suggest that the Pokemon Go app, which was released last week, may contain a worrisome security flaw.
When users download the app from the Apple or Android stores, they are asked to log-in with either a Pokemon.com or Google account, according to the Verge.
However, logging in using a Google account automatically grants full account access to the Pokemon Go app.
“When you grant full account access, the application can see and modify nearly all information in your Google Account (but it can’t change your password, delete your account, or pay with Google Wallet on your behalf),” a Google help page states, according to the Verge.
Pokemon Go would therefore have the ability to read and send emails from your account, access your Google Drive and go through search history.
“This ‘Full account access’ privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet,” the help page adds.
Six separate Verge employees confirmed that full access had been granted to Pokemon Go when they signed in. The Guardian reported the problem occurred for IOS users and a number of Android users.
Users can revoke the access in their Google account settings, but it means they can no longer play.
This security risk could impact a large number of people. NPR reported that Pokemon Go is the top downloaded free app in both the Apple and Android stores, and it is catching up with Twitter for the number of daily users.
Nintendo, which was involved in the production of the game along with developer Niantic Labs, has enjoyed a share price increase of 36 percent and achieved $7.5 billion in gains for the company in two days, according to Reuters.
Many people have gathered around the world to test out the game. Pokemon Go enables players to locate Pokemon in their natural environment. Specific locations have also been identified as PokeStops, where players can gather to train their Pokemon in gyms and collect potions.
Another security risk related to the game is the proliferation of fake Pokemon Go apps online. One such app claims to be the genuine article but is in fact infected with malware that gives attackers full access to a user’s phone.
“Rogue apps can be hard to differentiate from real apps. It’s a really scary proposition and it’s getting progressively worse,” Stephen McCarney, of security company Arxan Technologies, told the Guardian.