6

In some countries, the game isn't launched officially yet, but it is getting vastly popular as people are downloading it from links containing APK files. I suspect that it is possible that the file contains malware. How do I check for it? Which permissions that the app asks for should I suspect?

Benoit Esnard
one

2 Answers

9

As Alexander pointed out in the comments, checking permissions alone is not a reliable way to determine whether an APK is trustworthy or not. Especially not for an app like Pokémon Go, which is going to require a wide array of permissions in any case.

If you are forced to download an app from an unofficial source, one of the smartest things to do is to get it from a trusted source. The best thing would be if you had a real-world friend or family member with a Google Play account linked to a country where the app is released. That person could install the app from Google Play, copy the APK from their phone, and send it to you. This way you know you have a real, untampered APK, just like the original developers distributed it. Obviously, it is not often that you have such a friend, so on to the next option.

Apkmirror.com is run by the same people behind AndroidPolice.com, one of the biggest Android news websites. All uploads are manually vetted and approved, and only free apps are allowed so you won't find any 'cracked' APK or 'warez'.

As you already have the Play Store installed, only an APK signed with the same key as the currently installed version will be able to upgrade the app so this is an extra verification of the APK you download. Therefore, if you download the app from Apkmirror.com you should be safe.

APKmirror uses both MD5 and SHA1, and they have gradually built up a solid reputation over the years. I'm not aware of any confirmed case of a compromised APK on their site. Of course, it may plausibly still happen, but even the Play Store is not completely safe from all malware. APKmirror manually checks each APK.

Attribution for part of the section on apkmirror.com.

Fiksdal
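The hash comparison mentioned in the answer above, as an added example that is not part of the original answer or APKmirror's own tooling: it checks a downloaded file against every digest listed on the download page. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Stream the file once and return {algorithm: lowercase hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def normalize(hex_digest):
    """Accept digests as copied from a web page: 'AB:CD ...' or 'abcd...'."""
    return "".join(hex_digest.split()).replace(":", "").lower()

def verify_download(path, published):
    """Compare the file against every published digest.

    `published` maps lowercase algorithm names to hex strings.
    Returns (ok, details); ok is True only if at least one digest
    was supplied and all of them match.
    """
    actual = file_digests(path, tuple(published))
    details = {
        name: hmac.compare_digest(actual[name], normalize(expected))
        for name, expected in published.items()
    }
    return bool(details) and all(details.values()), details

def demo():
    """Constructed sample: a stand-in 'APK' and a copy with one byte changed."""
    original = b"PK\x03\x04 constructed stand-in for an APK, not a real app"
    published = {"md5": hashlib.md5(original).hexdigest().upper(),
                 "sha1": hashlib.sha1(original).hexdigest()}
    results = []
    for data in (original, original[:-1] + b"!"):
        with tempfile.NamedTemporaryFile(delete=False, suffix=".apk") as tmp:
            tmp.write(data)
        try:
            results.append(verify_download(tmp.name, published)[0])
        finally:
            os.unlink(tmp.name)
    return tuple(results)

if __name__ == "__main__":
    print(demo())
```

A match shows the file is the one the publisher listed, not that the file is benign. MD5 and SHA-1 are both weak against deliberate collisions, so a SHA-256 value is the stronger check when the site publishes one.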
1

TheHackerNews reported this to be true here.

Security firm Proofpoint has discovered the malicious app, or APK, that has been infected with DroidJack – a Remote Access Tool (RAT) that can hack any Android device by opening a silent backdoor for hackers.

And they also talked about Pokémon GO granting itself full access to your Google account here.

Adam Reeve labeled the game "malware," saying that Pokémon GO is a "huge security risk" as the game, for some reason, grants itself "full account access" to your Google account when you sign into the app via Google on iPhone or iPad.

With that in mind, I would follow Fiksdal's tips to be on the safe side.

kung
  • 2
    The Google full access thing has been fixed now - v1.01 for iOS doesn't ask for full permissions. –  Jul 14 '16 at 07:50
  • @Fiksdal Yes, you are right, the game is distributed via third parties who inject malicious code into the game, but since the game was only released in so few countries, a lot of people resort to downloading the game through these third parties. And the question also said "In some countries, the game isn't launched officially yet". – kung Jul 14 '16 at 08:00
  • @Fiksdal, I was looking at the file permissions of Pokemon Go on one of my friends' phones. There was one permission which was: "Write/Delete to USB storage". Isn't it suspicious? – one Jul 14 '16 at 11:17
  • @one Where did your friend download Pokémon Go from? Where did he/she download it? I have installed it from APKmirror, and on my phone it needs to "read/modify/delete the contents of your SD card". Is that what you're talking about? Looking at Pokémon Go at Google Play, I can see that the official APK also needs access to device storage. – Fiksdal Jul 14 '16 at 11:42
  • 1
    @Fiksdal Yes, it was an apkmirror link. I checked, and as you also mentioned that the official APK also needs access to device storage, it is settled. – one Jul 16 '16 at 16:47