Pokemon Go is the augmented reality-based (AR-based) game for iPhones and Android smartphones that allow users to pursue their dreams of becoming a Pokemon master.
Developed by Niantic Labs, the guys who made Ingress, the app taps into the smartphone's camera to reveal Pokemon turning up in the real world.
While the game has already been released in the U.S., Australia, and New Zealand, the game is yet to be formally released in India and is witnessing a delayed release in the U.K..
Despite not being launched in India, the game is reported to be fully functional. However special events held by the developers to catch rare Pokemon, like Mewtwo, are not yet available.
About Pokemon Go, before being launched in India, many users are reportedly downloading the Pokemon Go APK file and installing the game. The APK file being downloaded is reportedly not authorised by Google as it doesn't feature in the Google Play Store and could potentially pose a great risk.
Security firm Proofpoint has come across a particular Pokemon Go APK file that reportedly installs a malware called DroidJack that puts sensitive user data at great risk. The malicious Pokemon Go APK file asks users to grant permission that go well beyond what the original app requires.
While the legitimate app asks for access to network data, access to reading and writing on the memory card, sifting through contacts, device location, using the camera and a few others, the malicious Pokemon Go app requests access to sending, editing and reading text messages, modifying contacts, recording audio and more.
According to Proofpoint, the malicious app is identical to the legitimate Pokemon Go app and the malware gives hackers almost complete access to a user's data. Users who've already installed Pokemon Go through a side-loaded APK file can check whether their device has been compromised through the following steps:
First go to Settings -> Apps -> Pokemon GO. From here users can scroll down to the 'Permissions' section where users can verify whether the app requires the additional permissions described above.