There were two interesting posts trying to analyse the permission problem:
It seems no one can figure out how the app was able to get that permission in the first place as the requested oauth scope doesn’t (shouldn’t?) normally work and only “special” apps (such Google’s own apps) are able to do this.
only “special” apps (such Google’s own apps) are able to do this.
Well, who was Niantics former owner? Maybe they forgot to remove some old auth or something.
“Shouldn’t” as in “please nobody use this API”.
Interesting bit. One of the seed investors to Pokemon GO used to be CEO of In-Q-Tell. The CIA investment fund.
Let’s play 6 degrees of CIA. I guess in this case 2 degrees.
This was also mentioned in the No Agenda media analysis podcast show ep. 842.