Since 2015, thousands of aspiring Pokémon trainers
have been waiting for the release of Pokémon GO, the augmented reality game
that will allow players to catch hidden Pokémon’s in the real world and conquer
“gyms” through the internet, traveling both physically as well as within the
app itself.
For the first time, we will be able to experience
what it feels like to walk through a meadow and meet a Nidoran, or find a
Gengar in a cemetery, or spot a Magneton near a modern building, all of them in
the wild and waiting to be caught and trained.
Niantic Inc., the game’s developer, with the
support of Nintendo and The Pokémon Company, has so far only made it freely
available to users in the US, Australia and New Zealand. The rest of the world
will unfortunately have to wait for a global release date, which is expected to
be sooner rather than later.
However, this hasn’t stopped fans of Pokémon from
getting access to the game. Many have resorted to downloading the Pokémon GO
APK from a link available via online forums and Facebook groups.
This is problematic. As excited as you may be in
getting your hand on the game early, bypassing traditional routes is not
without its shortcomings. You have to always remember that downloading apps
from nonofficial repositories – such as Google Play and the App Store – entails
security risks.
This game is no exception, as Proofpoint
researchers recently revealed. In a company blog, they explained that they have discovered modified versions of the app that
installs malware in order to spy on users and the content of their devices:
“This specific APK was modified to include the malicious remote access tool
(RAT) called DroidJack (also known as SandroRAT), which would virtually give an
attacker full control over a victim’s phone.”
This malicious Pokémon GO APK is detected by ESET
as a variant of Android/Spy.Kasandra.B.
The danger of following any piece of advice
You were probably surprised, just like us, to hear
that many well-known and trusted media outlets have recommended evading the
security provided by official stores by enabling application downloads from
unknown sources and downloading the APK from third parties. This is not the
kind of advice that a security expert would give.
Regardless of who the developer is, it is important
to highlight that downloads from external sources are never a good idea
because the apps have not go through the usual security controls.
These apps are often modified to include malware or
remote access tools that allow anyone with malicious intentions to gain control
over a victim’s device.
Cybercriminals will certainly take advantage of
gamers who simply can’t wait to download the official Pokémon GO app in their
region, and will hide their threats in apparently harmless archives.
Don’t fall into this trap. Instead, we recommend
you wait for the official game to launch in your country. It’ll be hard, but
it’s the safer option.
Meanwhile, keep your security software
on your mobile device always updated; read reviews from people who have already
installed the application you’re about to download; and pay careful attention to the permissions requested during
installation.
Don’t forget – physical and digital –
security
With regard to digital security, as stated above,
always choose official sources and read the terms and privacy policies
before installing the application. The game will try to collect different
kinds of data from gamers, such as their Google account information, their
GPS location and travel histories, as well their email addresses.
The often-collapsed servers (with only three
countries playing officially) show how massive the Pokémon GO app will be when
it starts to expand. The game has already captured the imagination of those who have started to play it.
Many are transfixed, walking down the street with
eyes fixed on their screens as they look for Pokémon’s, trespassing, standing
in front of churches, police stations, hospitals or private homes where they
have found something interesting.
Naturally, you should make sure not to walk into
dangerous places, not to have your smartphone stolen, and to always carry a
portable charger – this app consumes quite a lot of battery!
Such is the concern over gamers, that a police
force in northern Australia has issued a warning:
For those budding Pokemon Trainers out
there using Pokemon Go - whilst the Darwin Police Station may feature as a
Pokestop, please be advised that you don't actually have to step inside in
order to gain the pokeballs. It's also a good idea to look up, away from your phone and both ways before crossing the street. That Sandshrew isn't going anywhere fast.
Stay safe and catch 'em all!