Pokemon GO fans outside the United States, Australia, and New Zealand are getting impatient. With the international rollout paused in most countries, many have turned to 3rd party sites that carry the game.
In places where the game is georestricted, players have resorted to sideloading the game. This has, in turn, made them into prime targets for malware.
Some modified files of the original Pokemon GO APK were uploaded to shady file hosting services. Some referenced tutorials on how to sideload the game to evade the georestrictions.
Don’t fret as there’s a way to check whether you have installed a clean APK or a modified version containing the Droidjack malware. Here are a few things you can do.
1. Check The Hash Of The Downloaded APK
If the SHA256 hash reads as this:
Your version of the game has been modified and carrying malware.
The original hash from the legitimate application reads:
2. Compare The Permission That Pop-up Before Installation
You can do this by going to Settings > Apps > Pokemon Go > Permissions. Some of the permissions on from the infected app are deliberately asking to read your messages as well as record audio.
There are more ways to identify whether you installed an infected APK or not that can be found on Proofpoint. The modified version’s loading screen is even identical to the original APK.
3. Forego APK, Wait For The Pokemon Go App!
Ultimately, though, to be safe, it would be best to forego downloading any versions of the game at the moment. Patience is a virtue AND can save you and your phone from potential headaches involving malware.
According to Niantic, they are already hard at work on providing a fix on the problems encountered by the game. They have yet to announce a firm date regarding the international rollout of Pokemon GO.