By Nathan Olivarez-Giles
Google removed a handful of malicious, fake Pokémon apps during
the past weekend. It is another example of developers creating
bootleg apps to take advantage of people caught up in the latest
craze -- and a reminder that you should play it safe when
downloading apps.
Outside of the Google Play store, it is even worse. In
third-party Android app stores, there are more than a dozen apps
posing as either the real "Pokémon Go" or apps that can help
"Pokémon Go" players, according to security researchers. They warn
that many of these will install spyware on phones, collect private
data or deliver spam.
"Pokémon Go Ultimate" was one of the handful of harmful apps
that Alphabet Inc.-owned Google removed from Play. It was flagged
as harmful by Lukas Stefanko , a malware researcher with IT
security firm Eset Ltd.
"When there are popular apps like this it's not uncommon to see
copycat and follow-on apps," said a Google spokesman, who declined
to say how many fake Pokémon apps it removed. "There's a constant
mix of manual and automated app reviews taking place, and when
there are violations the Play team takes actions by either reaching
out to developers to find a fix or pulling an app."
On Tuesday, after flagging three fake Pokémon apps, Mr. Stefanko
said he could no longer find harmful Pokémon-related apps in Google
Play. No Pokémon malware has been found in Apple's app store as of
yet.
With a threat this constant, it is important to follow some
basic steps to stay safe.
Know what you're downloading
When a trendy new app hits the scene, you want to see what the
hype's all about, but make sure you know the name of the app and
who makes it. "Pokémon Go" is made by a company called Niantic Inc.
Don't download any app called "Pokémon Go," that is made by
somebody else.
"Pokémon Go Ultimate" sounded to many like a potentially better
version of "Pokémon Go." But those who downloaded it were locked
out of their phones while the app -- in the background and unknown
to the user -- ran a program that clicked through online
pornography ads, Mr. Stefanko said.
Once hijacked, the only way to stop the app was to either pull
the battery out of the phone or, if the phone doesn't have a
removable battery, log into Google's Android Device Manager website
and remotely restart or erase the phone, Mr. Stefanko said.
Google Play also recently removed an app called "Guide &
Cheats for Pokémon Go," Mr. Stefanko said, which spammed users with
ads to fake services that promised, but didn't deliver, helpful
in-game items.
If you are unsure what a popular app you want to try out is
called, or who makes it, search online for the news about the app,
or visit the developer's website for details, said Andrew Blaich, a
senior researcher at Lookout Inc., a mobile security app maker.
Pay attention to permissions
When you install any app, pay attention to what data that app is
asking for permission to access. In iOS and any recent version of
Android, you'll be prompted about the requests. Apps often ask you
for your location, your contacts list or access to your camera.
If an app is asking for something it doesn't truly need, like
access to your personal email account, that is a major red flag,
Mr. Blaich said. "'Pokémon Go' uses your camera and location to
play the game, so that makes sense," he said. "But if any app asks
for something you're not comfortable with, say no and delete the
app."
Stick to Apple and Google app stores
Malware does still sneak into Google Play -- as "Pokémon Go
Ultimate" demonstrates. But it is still one of the safest places to
install Android apps. Apple Inc.'s iOS App Store has an even more
stringent review process, which happens before apps ever appear
online.
Still, things can change from day to day, Mr. Blaich warned.
"There will always be things that get through security checks
because there are millions of apps coming to Apple and Google and
they have to deal with and check them all out," Mr. Blaich said.
Lookout, Mr. Blaich's employer, flags a few Android apps every week
to Google as malware and the company always quickly takes them
down, he said.
Third-party app stores can be more risky. "When people want to
try out the hot new app, and it isn't available in Google or
Apple's app stores in their country, third-party app stores and
side-loading apps and jailbreaking a phone all look really
tempting," Mr. Blaich said. "But they make you much more
vulnerable. So it's best just to wait until the app you want shows
up in a store you can trust."
Write to Nathan Olivarez-Giles at
Nathan.Olivarez-giles@wsj.com
(END) Dow Jones Newswires
July 20, 2016 08:14 ET (12:14 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Mar 2024 to Apr 2024
Alphabet (NASDAQ:GOOG)
Historical Stock Chart
From Apr 2023 to Apr 2024
