Update 7/12: Niantic, the developer of Pokemon Go, says it isn’t accessing users’ Google accounts and is working with Google to restrict permission. Our original story from 7/11 appears below.
Pokemon Go launched less than a week ago, and it’s already a phenomenally popular game. Unfortunately, you might have to think about deleting it.
One Pokemon Go user happened to notice a concerning security risk in the app. Adam Reeve, who previously worked at Goldman Sachs and Tumblr and is currently employed by security analytics company Red Owl, wrote about the threat in a blog post.
You only have two options to sign into the game—use log in information from pokemon.com, or sign in with your Google credentials. Because of the immense popularity of the game, the Pokemon website currently (at the time of writing) isn’t accepting new users. That means Google is your only choice.
Reeve noted that when some iOS users sign into Pokemon Go through Google, they’re giving Niantic, the developer that created the game, full access to their account—that includes Gmail, Google Drive, Google Maps, Google Photos, and other Google features. If Niantic chooses to do so, it has the ability to read your emails, send emails, and even view your search and navigation histories.
This is already the second security concern that Pokemon Go has faced in the six days it’s been available to iOS and Android users. Fortune reported that hackers have already attempted to spread malware through a compromised version of the game.
Pokemon Go was launched on Wednesday and quickly shot to the top of the App Store and Google Play. In just those few days it has already become bigger than Tinder and has added $7.5 billion to Nintendo’s (NINTENDO) market value.
Nintendo has declined to comment.