Security firm Proofpoint is reporting at least one non-Play Store version of the Pokémon GO Android app has been found to have Droidjack installed. Pokémon GO has become a pretty big hit and people were clamoring to get their hands on it even before it was released. One of the advantages, or disadvantages depending on how you see it, of Android is the ability to install apps from outside the Play Store. But when doing this you’ve essentially stripped away any of the security Google puts in place to protect users from malicious apps.
The buzz around this game created such a squall that users were seeking out any Pokémon GO Android APK they could find. This of course is prime time for anyone who wants to deploy a malicious attack on users and steal personal data. Droidjack has the potential of taking over your entire phone and seeing all of your details effectively giving the attacker any and all of your data. Proofpoint provided screenshots of what the infected Pokémon GO Android app permissions look like. Just head to Settings > Apps > Pokémon GO and find Permissions.
If you’re app settings look like the ones above, you probably have the infected app. If you’re app settings look like the ones below, you have a legit APK and are good to go.
It’s important to note that not all APK’s you download outside the Play Store are going to be bad. But when something with this much hype is released, it’s probably a good idea to have a heightened sense of awareness about what you’re installing.
“Bottom line, just because you can get the latest software on your device does not mean that you should,” the company wrote. “Instead, downloading available applications from legitimate app stores is the best way to avoid compromising your device and the networks it accesses.”
Did you download the infected Pokémon GO Android app? Let us know in the comments below or on Twitter, Facebook and Google+.