joint statement from niantic and nintendo......
"We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access.
Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves."
there's a lot of false rumors and misinformation out there concerning privacy. what it means is that the client software makes an erroneous request for permission to gain "full" access on info in google account, but this does not mean google automatically grants it. it's an erroneous client to server request. what niantic servers actually need and do are only confined to basic profile info, specifically id and email address, from google servers. thus, server-to-server transactions are not erroneous nor compromised. they are subject to stringent policies dealing with server security and access rights/credentials. the client request is toothless as client requests can be denied or filtered. however, a trusted server-server transaction can have already established credentials for permission to be granted for full access to user data, which is likely the case here. although trusted, verification from google on their server logs did not reveal any abuse or misuse by niantic to obtain more info than what they need other than basic profile info. google nonetheless will need to quash rumors in public by claiming to "reduce" the server-server permission to only basic profile info. there was no abuse, no damage to privacy, no compromise, as the logs have shown but the public needs to be appeased by a "fix", a placebo.
if you're still paranoid, suggest that you create an alternative google account without revealing your real info and use the "fake" account to register for the game. by using google search, map and other google apps (youtube being one) your so called persona on your ios device has been data-mined like shit by google since inception. privacy with wearable and smartphone apps these days is a f*cking joke. peeps have their priorities twisted in a knot. on with go.