Pokémon Go, which I think is fair to call a phenomenon now, can also be a security risk since it asks for full access to your Google account when you sign in. Adam Reeve writes:
Now, I obviously don’t think Niantic are planning some global personal information heist. This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies. I don’t know how well they will guard this awesome new power they’ve granted themselves, and frankly I don’t trust them at all. I’ve revoked their access to my account, and deleted the app. I really wish I could play, it looks like great fun, but there’s no way it’s worth the risk.
It’s always a good idea to review what apps you’ve given access to on your security permissions page from Google. Rene Ritchie, writing at iMore, breaks down how you can still play the game securely by creating a “burner” account.
Update: Ars Technica has an update from Ninatic about how they are going to fix this:
Niantic has confirmed in a statement that the Pokémon Go app requests more permissions than it needs, but that it has not accessed any user information. Google will automatically push a fix on its end to reduce the app’s permissions, and Niantic will release an update to the app to make it request fewer permissions in the first place.