Update: Niantic have released a statement in answer to this:
“We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.
“Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.”
Taken from CSO Online
The Guardian has written a very interesting article on some possible security implications suggesting that Pokemon Go accesses everything in your Google Account, including emails. This is a bit of a worry if this turns out to be legitimate.
Gamers who have downloaded the Pokémon Go augmented reality game may have unwittingly handed over access to their emails, search histories and Google Drive data.
The security vulnerability appears to affect players who signed up to play the game using their Google account on both Apple and Android devices.
I don’t personally play this but if you do you might want to investigate this a bit further.
Full article found here.