The Pokemon Go app is all the rage right now. There have been national news stories covering its popularity, the bolstering of Nintendo’s bottom line, participants’ trespassing to catch those coveted creatures, and discussions about young participants’ safety in their quests. Which leads me to another safety discussion that you may not have thought of… Malware. Is that a stretch? Bear with me…

With the entire year of 2016 scheduled to celebrate Pokemon’s 20th anniversary, Nintendo tried to anticipate wild popularity (and download server overload) by staging a regional roll-out strategy. This is common practice in many software/app distributions. A side effect is a chasm between the “haves” and the “must haves, but can’t get until next week”. Those “must haves” might go to extreme lengths to become “haves” before their time, including resorting to obtaining software/apps outside of the Google Play Store/Apple App Store ecosystem. Sometimes with dire consequences!

I read an article on the Sophos website last week describing a “fake” Pokemon Go app that was available in alternate software markets (i.e. NOT Google Play or the App Store) that has a few added “features”. This version of the app is a “malware remix” – a copy of the app with added code. This version is indistinguishable from the original on your device screen, but it has code that watches you through your device camera, tracks you with the GPS chip, and listens to your phone calls. Scary stuff. You can read the entire article here.

While I’m not naive enough to think that malware doesn’t exist within the official software ecosystems of Google and Apple, they try their hardest to identify and pull the offenders they find. We at Qzone recommend obtaining apps ONLY from your respective official app store. And, for additional assurance, consider installing the fine Sophos Mobile Security App available in both Google and Apple stores for free.