While millions of Pokemon Go fans out there are busy trying to "catch 'em all," the popular smartphone app is quietly snatching up a lot of personal data from their smartphones.
As CNET reports, blogger Adam Reeve discovered a gaping security issue after starting to play on his iPhone: if you sign up for Pokemon Go using your Google account on an iOS device, the app is granted full access to your Google account -- emails, photos, calendar, contacts Google Drive, browsing history and more (though not your Google Wallet payment system). The developer, Niantic, acknowledged "Pokemon Go gains unnecessary 'full access' to users' Google accounts on iOS and is actively issuing a fix."
An updated version of the app was released on the App Store on Tuesday, with the notation: "Fixed Google account scope."
Even aside from that iOS issue, Pokemon Go taps into a phone's GPS information to track players' locations -- that's how it superimposes digital Pokemon characters into their real-world environments.
As a result -- like other location-centric smartphone apps -- Pokemon Go gathers quite a lot of information about a user. From where you were before, to your current location, to the amount of time you spent in a given place, the geolocation data gleaned form the app is ultimately stored by developer Nianti.
The company says it may also log the Internet Protocol (IP) address of the user's computer, the web page they visited before clicking on Pokemon Go, and what pages and search terms they used on the site, among other data.
This, of course, is nothing new, but many users don't stop to think about what personal information they're sharing when they sign up for a new app, game or digital service.
The Pokemon Go app has been a sensation since its July 6 debut, bringing in $9 million in its first week for video game giant Nintendo. The app has surpassed Tinder in Android downloads and currently No. 1 in Apple's App Store. It is free to download and play, but in-app purchases of "PokeCoins" can add up to a lot of real-world cash.
As with any app, users concerned about privacy and the data they might be sharing with third parties should always read the fine print.