Update: Niantic have issued a statement to engadget.com saying:
We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go's permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.
Pokémon GO is the talk of the Internet right now and it seems almost everyone is jumping on the 'mon-catching hype-train, all having a blast at the same time.
While the game has been hugely popular with fans since its launch last week, it has already drawn a few criticisms relating to its mechanics and now it seems there might also be an issue with it's implementation of Google Account authentication, specifically on the iOS version.
Reports have appeared that if you sign in to the game using your Google Account the app is granted full access to your account. Essentially this means the authentication permissions granted can do almost anything with your Google Account, including reading your email, your cloud stored drive documents and of course your Google search history.
While we're confident this is just a bug, it will come as a concern to many. Typically when an app makes use of an external account such as Facebook, Twitter or LinkedIn the client sets a scope of access as to how much of the account it needs access to - for instance on Facebook you might just want to grant permission on basic info and not the ability to post on that users wall, this scope of permission will then be made clear to the user when they approve the access - no such screen appears to be present on Pokémon GO when logging in via a Google Account.
The reports also suggest that this isn't the same for everyone on iOS, but we can confirm the account that this writer setup earlier today did indeed grant full access. You can check this for yourself by visiting accounts.google.com using the account that was used to login.
The issue appears to be isolated to iOS and does not affect Android users.
Have you logged in to Pokémon GO with a Google Account on iOS, has it acquired full access too? Let us know in the comments below.