... and its not a big deal.
Lately because Pokemon Go has become such a big hit I think journalists want to find any dirt they can on the app (really they should be attacking its lack of features that were promised). One issue with it that they all have seemed to have jumped onto is the fact the iPhone app allows Niantic (Ex-Google developers) full access to a users Google account.
The fear mongering that seems to be going on is that this is a massive security risk and bad people will get at your data.
Other than this being a giant amateur amount of coding. This just isn't a problem.
Authenticating with an account such as Google or Facebook etc. uses a framework called OAuth. In OAuth you ask for information from the users account. The fact that they have asked for all information does not mean they are using or storing all information.
And if they are not storing all information in a database then in order for an individual to get access to specific information they would have to write some code in the app that would send it to an external location, get it through testing unseen, get it through the app review process and players would have to download the new version. This is fairly unlikely.
Considering this hasn't been an issue on Android and the fact Niantic are rolling out a patch for iPhones would suggest this was a permissions issue over anything malicious and therefore nothing to worry about. On the other hand their developers may be a bit sloppy if this happened in the first place and we may have other security concerns to contend with in the future. Its quite easy to fear monger, can see why journalists do it now.
iPhone users of Pokémon GO, beware: the app has access to your entire Google account. That’s a major problem for fans of the game. Shockingly, there’s no warning about the extensive permissions either.