sorry, using definitely too much rights!
Did you read game required permissions description ?
Ok, here is explanation again:
Game is using Google Accounts access for authorizing game access to game Portal on Google App Engine. Game is NOT READING YOUR PASSWORD or any privacy data. Only email address is used to get unique token access from Google Accounts service. Game is using secure access token for exchanging data with Portal.
It works a safe way. No passwords, logins, but unique safe token is transmitted.
Here is some technical explanation:
http://code.google.com/intl/pl/apis/accounts/docs/AuthForInstalledApps.htmlhttp://blog.notdot.net/2010/05/Authenticating-against-App-Engine-from-an-Android-appThis is not widely used authorization technique, first because users do not trust. They do not trust, because there is no knowledge why it is and how it works. Second, because it is rather hard to implement.
Each Android device already has access to Google Services, and Google created official api for using this:
http://developer.android.com/reference/android/accounts/package-summary.htmlSo, I used this, because it is convenient from user experience point. That's it.
Thanks for reading.
ps.
Here is Game Portal, using the same Google Accounts authorization, tracked by Google. You can safely check how it works. Just try to login and you will be redirected to Google Accounts page explaining access:
http://dj-game.appspot.com
Community
