Home
Apps
Apps Features
Pokemon Go APK Could Hijack Your Phone: How to Check If It's Genuine

Pokemon Go APK Could Hijack Your Phone: How to Check If It's Genuine

By Rishi Alwani | Updated: 29 July 2016 13:43 IST

Highlights

Pokemon Go isn't available outside Australia, New Zealand, and the US
This has led to many to get the game via third-party sites
However some APKs may be able to take control of your device

Until Pokemon Go makes it way to countries outside of Australia, New Zealand, and the US, a vast majority of eager fans have little choice but to resort to obtaining the game through unofficial means, which means downloading the APK file. It's something we've outlined in this handy guide for Android users.

In the event you've obtained Pokemon Go through other sites, there's a chance it might not be the right APK. According to security software company Proofpoint, a malicious version of the game has been uploaded to various APK download sites.

(Also see: How to Download, Install, and Play Pokemon Go Right Now)

"This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim's phone. The DroidJack RAT has been described in the past, including by Symantec and Kaspersky. Although we have not observed this malicious APK in the wild, it was uploaded to a malicious file repository service at 09:19:27 UTC on July 7, 2016, less than 72 hours after the game was officially released in New Zealand and Australia," the firm said.

This means that there's chance that the Pokemon Go APK you downloaded is a fake, and could give anonymous individuals complete access to your phone. Here's how you can tell if the Pokemon Go APK you've downloaded is RAT-free.

(Also see: Pokemon Go Tips and Tricks)

Method 1: check the SHA-256 of your file.

The Secure Hash Algorithm or SHA is a string of characters unique to specific data. It's a way to check if a file has been altered or not by acting like a signature for a text or data file.

To calculate the SHA-256 hash of your Pokemon Go APK this is what you need to do:

Obtain Hash Droid from the Play Store.
Select Hash A File.
Under Select a hash function, choose SHA-256.
Choose the Pokemon Go APK from your Download folder.
Hit Calculate.
If safe you should get: 5a8679e3e4298b7b3ffac725106db12a21bdb0bcf746f44fa7e46c40dbf794aa

At the time of posting this, no updated versions of Pokemon Go have been released so it is safe to assume any other SHA-256 hash belongs to a malicious APK.

(Also see: Playing Pokemon Go in India? Here's Everything You Need to Know)

As per Proofpoint, the SHA-256 of one of the malicious APKs is 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4

Method 2: Check app permissions

On your Android device go to Settings -> Apps -> Pokemon Go
View the Permissions section.
Here's what it should be asking permission for:

(Also see: Pokemon Go Is Responsible for These Real Life Weird and Scary Things)

And here's what one of the malicious Pokemon Go APK asks for:

(Also see: Pokemon Go Cheatsheet: 10 Things to Know About the Game That Has Everyone Hooked)

As you can see, it would ask for access to your call logs, record audio, check your browsing history, and even send messages and make calls on your behalf. Scary.

Hopefully Niantic and The Pokemon Company rectify this by making Pokemon Go available to all regions soon. Till then though we'd advise caution prior to downloading.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Android, Apps, Games, Gaming, How to download Pokemon Go, How to fix Pokemon Go Google Access, How to fix Pokemon Go Security Risk, How to play Pokemon Go, Install Pokemon Go, Niantic, Nintendo, PointProof, Pokemon, Pokemon Android, Pokemon APK download, Pokemon Go, Pokemon Go Android, Pokemon Go APK download, Pokemon Go App Permission Fix, Pokemon Go App Permissions, Pokemon Go Backdoor, Pokemon Go free download, Pokemon Go Google Account Access, Pokemon Go Google Full Access, Pokemon Go India Release Date, Pokemon Go Release Date, Pokemon Go Remote Access Tool, Pokemon Go Security Fix, Pokemon Go SHA 256, Pokemon Go Sideload, Pokemon iOS, Pokemon iPhone, Pokemon UK Release Date, Pokemon Worldwide Release Date, The Pokemon Company