Appendix:Pokémon GO Player's Guide/Malware

From Bulbapedia, the community-driven Pokémon encyclopedia.
Latest revision as of 00:01, 15 July 2016

Pokémon GO became hugely popular almost immediately, and many people wanted it on release day.

There was a problem, however: the game was released only in a few regions, so many people outside them wanted the software early. It then became so popular that the servers were slow and froze often, and The Pokémon Company International did not want to release it in any more regions until those problems were fixed.

For these reasons, people obtained Pokémon GO by less-than-legitimate means, and some of those who distribute such copies profit from it by bundling malware with the game. This guide will help you determine whether your copy is dangerous, and what to do about it if it is.

Checking whether the app is malware

Before anything else: if you installed GO from a legitimate app store (Google's Play Store or Apple's App Store), it is almost certainly free of malware and you do not need the rest of this guide. The infected version described here is an Android APK file; to have installed it you must have enabled installation from unknown sources in Android's security settings and sideloaded the file yourself.

The bad version itself is bundled with a tool known as DroidJack, a remote access trojan (RAT) for Android. DroidJack gives its operator remote control of the phone and lets them monitor what you do on it. The first known DroidJack-infected copy of GO appeared a little less than 72 hours after the Australian release, but it is likely that infected copies existed before that point.

DroidJack sounds scary, but it leaves telltale signs that you can check to tell whether your copy is infected.

App permissions

The easiest check is the app's permission list, found under the app's entry in your phone's settings. A legitimate copy (of the release current when this guide was written) requests these permissions:

  • Take pictures and videos
  • Approximate location (network based)
  • Precise location (GPS and network based)
  • Modify or delete the contents of your SD card
  • Read the contents of your SD card
  • Find accounts on the device
  • Use accounts on the device
  • Full network access
  • View network connections
  • Access Bluetooth settings
  • Pair with Bluetooth devices
  • Control vibration
  • Prevent phone from sleeping

If the list contains anything else, the app was repackaged and is almost certainly harmful. (Later releases may legitimately add permissions, so compare against the permission list the Play Store shows for the same version.) In particular, a DroidJack version requests permissions such as:

  • Directly call phone numbers (this may cost you money)
  • Read phone status and identity
  • Edit your text messages (SMS or MMS)
  • Receive text messages (SMS)
  • Send SMS messages (this may cost you money)
  • Record audio
  • Modify your contacts
  • Read call log
  • Read your contacts
  • Write call log
  • Read your Web bookmarks and history
  • Change network connectivity
  • Connect and disconnect from Wi-Fi
  • View Wi-Fi connections
  • Retrieve running apps
  • Run at startup

That is a long list, and none of it is needed by a game. Anything that makes no sense for the app, or that can cost you money (placing calls, sending SMS), means the copy is malicious.
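The permission comparison above can be done mechanically on the APK file itself rather than by reading the Settings screen. The following is an added example (not Bulbapedia's or the game's own code): it parses the text printed by aapt dump permissions (aapt is part of the Android SDK build-tools), diffs it against the legitimate list, and flags the high-risk extras. The mapping from the labels shown in Settings to android.permission.* constants is this example's own assumption, and the sample aapt output is constructed.

```python
"""Audit the permissions an Android APK requests against an expected list.

Added example; not Bulbapedia's or the game's code. Input is the text that
`aapt dump permissions <file.apk>` prints. The label-to-constant mapping is
this example's assumption; the sample dump below is constructed.
"""
import re

# The legitimate app's permission list, as manifest constants (assumed mapping).
EXPECTED = {
    "android.permission.CAMERA",                  # Take pictures and videos
    "android.permission.ACCESS_COARSE_LOCATION",  # Approximate location
    "android.permission.ACCESS_FINE_LOCATION",    # Precise location
    "android.permission.WRITE_EXTERNAL_STORAGE",  # Modify or delete SD card contents
    "android.permission.READ_EXTERNAL_STORAGE",   # Read SD card contents
    "android.permission.GET_ACCOUNTS",            # Find accounts on the device
    "android.permission.USE_CREDENTIALS",         # Use accounts on the device
    "android.permission.INTERNET",                # Full network access
    "android.permission.ACCESS_NETWORK_STATE",    # View network connections
    "android.permission.BLUETOOTH_ADMIN",         # Access Bluetooth settings
    "android.permission.BLUETOOTH",               # Pair with Bluetooth devices
    "android.permission.VIBRATE",                 # Control vibration
    "android.permission.WAKE_LOCK",               # Prevent phone from sleeping
}

# Permissions a game never needs; each can cost money or leak private data.
HIGH_RISK = {
    "android.permission.CALL_PHONE": "dials numbers directly (may cost money)",
    "android.permission.SEND_SMS": "sends SMS (may cost money)",
    "android.permission.RECEIVE_SMS": "intercepts incoming SMS, e.g. 2FA codes",
    "android.permission.READ_SMS": "reads stored SMS/MMS",
    "android.permission.WRITE_SMS": "edits stored SMS/MMS",
    "android.permission.RECORD_AUDIO": "records from the microphone",
    "android.permission.READ_CONTACTS": "reads the address book",
    "android.permission.WRITE_CONTACTS": "modifies the address book",
    "android.permission.READ_CALL_LOG": "reads the call log",
    "android.permission.WRITE_CALL_LOG": "modifies the call log",
    "android.permission.READ_PHONE_STATE": "reads IMEI / phone identity",
    "android.permission.GET_TASKS": "lists running apps",
    "android.permission.RECEIVE_BOOT_COMPLETED": "starts itself at boot",
}

# aapt has printed both  uses-permission: name='X'  and  uses-permission: X
USES_PERMISSION = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=')?([\w.]+)'?")


def parse_aapt_permissions(dump):
    """Return the set of permission names found in aapt's text output."""
    found = set()
    for line in dump.splitlines():
        m = USES_PERMISSION.match(line.strip())
        if m:
            found.add(m.group(1))
    return found


def audit_permissions(requested, expected=EXPECTED):
    """Compare requested permissions with the allowlist.

    Returns (verdict, extras, findings): extras are permissions not in the
    allowlist; findings maps the high-risk ones among them to a reason.
    """
    extras = sorted(set(requested) - set(expected))
    findings = {p: HIGH_RISK[p] for p in extras if p in HIGH_RISK}
    if findings:
        verdict = "MALICIOUS"
    elif extras:
        verdict = "SUSPICIOUS"   # unexpected, but not obviously dangerous
    else:
        verdict = "MATCHES_EXPECTED"
    return verdict, extras, findings


# Constructed sample: a repackaged APK that kept the legitimate permissions
# and added the RAT's. The package name is illustrative only.
SAMPLE_DUMP = "package: com.example.repackaged\n" + "\n".join(
    "uses-permission: name='%s'" % p for p in sorted(EXPECTED)
) + """
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: android.permission.RECEIVE_BOOT_COMPLETED
"""


if __name__ == "__main__":
    verdict, extras, findings = audit_permissions(parse_aapt_permissions(SAMPLE_DUMP))
    print("verdict:", verdict)
    for perm in extras:
        print("  unexpected:", perm, "-", findings.get(perm, "review manually"))
```

On a real file, run aapt dump permissions your.apk and feed its output to parse_aapt_permissions. A SUSPICIOUS verdict means the list differs from the one above without containing an obviously dangerous permission; that can happen with a newer legitimate release, so compare against the Play Store listing before concluding anything.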

Verifying if the file has been changed

Another method, less simple, is to check the file's SHA-256 hash: a fixed-length fingerprint computed from the file's contents, so any change to the file produces a different hash. The first hash below belongs to the legitimate APK of the release current when this guide was written (other releases have different hashes); the second is one known to have been used by a DroidJack version. A hash that matches neither value does not prove the file is clean: it may be a different release, or a repackaging that nobody has listed yet.

8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67 - Legitimate app.

15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4 - App using a DroidJack version.

To check the hash you need a tool from outside the phone's stock apps. The safest option is to copy the APK file to a computer and compute the hash locally: sha256sum file.apk on Linux, shasum -a 256 file.apk on macOS, or certutil -hashfile file.apk SHA256 on Windows. Online hash calculators such as http://onlinemd5.com/ also work (you upload the APK file to the site in much the same way you sideloaded it to your phone), but that sends the file to a third party.
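The hash check described above, written out as an added example (not Bulbapedia's or the game's code). It computes SHA-256 locally so the APK never leaves your machine, compares the result with the two hashes quoted in this guide, and treats "matches neither" as UNKNOWN rather than clean. The file contents used in the demo are constructed stand-ins, not a real APK.

```python
"""Check an APK's SHA-256 against the known-good and known-bad values above.

Added example, not Bulbapedia's or the game's code. The two hashes are the
ones quoted in this guide; the demo file's contents are constructed.
"""
import hashlib
import os
import tempfile

KNOWN_GOOD = {
    "8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67":
        "legitimate release quoted in this guide",
}
KNOWN_BAD = {
    "15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4":
        "DroidJack-repackaged build quoted in this guide",
}


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large APK does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_hash(digest):
    """Return (verdict, reason). UNKNOWN is not a clean bill of health."""
    d = digest.strip().lower()
    if len(d) == 40:
        raise ValueError("40 hex digits is a SHA-1, not SHA-256; recompute with SHA-256")
    if len(d) != 64 or any(c not in "0123456789abcdef" for c in d):
        raise ValueError("expected a 64-hex-digit SHA-256, got %r" % digest)
    if d in KNOWN_GOOD:
        return "KNOWN_GOOD", KNOWN_GOOD[d]
    if d in KNOWN_BAD:
        return "KNOWN_BAD", KNOWN_BAD[d]
    return "UNKNOWN", ("matches neither list: a different release or an "
                       "unlisted repackaging; verify via the Play Store instead")


def classify_file(path):
    return classify_hash(sha256_of_file(path))


def demo_constructed_file():
    """Write constructed bytes to a temp file and classify it (always UNKNOWN)."""
    fd, path = tempfile.mkstemp(suffix=".apk")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"PK\x03\x04 constructed stand-in for an APK, not a real one")
        return classify_file(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Hashes are compared case-insensitively, as some tools print uppercase.
    print(classify_hash("8BF2B0865BEF06906CD854492DECE202482C04CE9C5E881E02D2B6235661AB67"))
    print(demo_constructed_file())
```

Run classify_file("path/to/your.apk") on the sideloaded file. The SHA-1 check exists because a 40-digit value (what sha1sum or an "SHA-1" web tool produces) will never match the 64-digit SHA-256 values quoted here, and a silent mismatch would look like UNKNOWN rather than like a wrong algorithm.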

If the app is malicious, uninstall it from the application manager like any other app. If Android refuses because the app registered itself as a device administrator, revoke that first under the device administrator settings, then uninstall. Because a RAT can capture anything typed on the phone, change the passwords of accounts you used on the device afterwards; if you want to be certain it is gone, back up your data and factory-reset the phone.


This article is part of Project Walkthroughs, a Bulbapedia project that aims to write comprehensive step-by-step guides on each Pokémon game.