Last week, Pok\u00e9mon Go was officially released in the U.S. and players downloaded the application in droves. Overall, gamers are reporting a mostly positive experience, after a few server issues, but security experts warn that the app isn't without its risks.Last Friday, Adam Reeve, a Principal Architect at RedOwl, said that Pok\u00e9mon Go was a huge security risk, and focused on the authentication aspects of the application.In order to play the game, the user will need to have an account. There are two ways to authenticate, a Pokemon.com account or Google. Most players, due to a halt in new signups on Pokemon.com have opted to use their Google account.Typically, when Google is used as the authentication method, the user is shown the level of permissions the application is going to need. But in the case of Pok\u00e9mon Go, the authentication is nearly instant and the user is redirected to the login screen \u2013 with no permissions notice.When Reeve went to confirm permissions online, he learned that Pok\u00e9mon Go had full access to his Google account."Let me be clear - Pokemon Go and Niantic can now: Read all your email; Send email as you; Access all your Google drive documents (including deleting them); Look at your search history and your Maps navigation history; Access any private photos you may store in Google Photos, and a whole lot more," Reeve explained."Now, I obviously don\u2019t think Niantic are planning some global personal information heist. This is probably just the result of epic carelessness. But I don\u2019t know anything about Niantic\u2019s security policies. I don\u2019t know how well they will guard this awesome new power they\u2019ve granted themselves, and frankly I don\u2019t trust them at all. I\u2019ve revoked their access to my account, and deleted the app. I really wish I could play, it looks like great fun, but there\u2019s no way it\u2019s worth the risk."The issue is that when authentication measures such as the one being used by Niantic (the company behind Pok\u00e9mon Go) are implemented, the rule of thumb is to require the least amount of permissions. For iOS players, the company has requested total control over the Google account. For those on Android, it's a bit different.On Android, Pok\u00e9mon Go has many of the same device controls required by iOS, but it doesn't have total control over a user's Google account. What it can do is take video and pictures, read and use accounts on the device, read and modify the SD card, use Google Play's billing features, and track location. (Android permissions image provided by @oscaron)There are other concerns as well, particularly the amount of data being collected by the application.One of the weekend debates surrounding the game focused on the GPS and location data, which could be mined and collected.Anyone playing this game is sharing metadata \u2013 at the very least \u2013 which means details on who they are, where they live, locations they frequent, who they associate with, time spent in each location, etc. Odds are, this is more data than they initially intended, and the concern is compounded when you consider the fact that kids are playing the game too.Salted Hash has reached out to Niantic to inquire about what data is being collected, and how it's being used. We'll update this story should they respond.For now, if the risk is too much, uninstall the application \u2013 otherwise, just be aware of the type of data that's being collected and how it's accessed.Update: Niantic has issued a statement on the matter. The permissions on iOS were a mistake, and they've now been fixed."We recently discovered that the Pok\u00e9mon GO account creation process on iOS erroneously requests full access permission for the user\u2019s Google account. However, Pok\u00e9mon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected."Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pok\u00e9mon GO or Niantic. Google will soon reduce Pok\u00e9mon GO\u2019s permission to only the basic profile data that Pok\u00e9mon GO needs, and users do not need to take any actions themselves."