The Pokémon Go hype train is in full blast mode and it looks like it won't be slowing down any time soon. Capitalizing on this popularity, a number of fake apps and clones have been popping up in the Apple and Google Play app stores worldwide, especially in markets where the game is not available yet.
Just last week, before the iOS game was officially released in the U.K. on July 14, a suspiciously similar game shot up in the U.K. Apple App Store charts. The game called "Go Catch 'Em All" describes itself a lot like Pokémon Go and even featured screenshots lifted from the official game. Alas, the game plays nothing like the real thing and Apple caught on to the ruse, promptly removing it from the Apple App Store. Since this app was a blatant clone, it's unclear how it made it into the U.K. store in the first place.
Another clone, Citymon Go, was China's most downloaded iOS game last week. The game uses a mascot that looks a lot like Pokémon's Pikachu so it's obviously trying to cash in as well since the official game is not available in China yet.
But these games, although shameless ripoffs, are merely harmless playable clones trying to satisfy the demand for the real game. These kinds of apps will probably peter out once Pokêmon Go is officially released in their respective regions.
The fake Pokémon Go related apps everyone needs to look out for are the ones with malicious intent behind them.
There are already unauthorized Pokémon Go Android apps floating around that you could sideload outside of the Google Play Store (and you probably know how dangerous this practice is). Security researchers at Proofpoint discovered one such unofficial Android version APK of the game that's infected with the remote access malware Droidjack. Thankfully, the fake game never made it into the Google Play store. If your settings disallow app installations from unknown sources, then you're fine.
Don't let your guard down though. Reports say that some malicious Pokémon Go related apps actually made it to the Google Play Store. Security researchers at ESET uncovered at least three apps, namely, "Pokémon Go Ultimate", "Install Pokemongo", and "Guide and Cheats for Pokémon Go."
"Pokémon Go Ultimate" was reported to appear a lot like the official game but locks the user's phone instead. This lockout then requires a full device restart to resolve. Even so, the app proceeds to clicks on porn advertisements while hidden in the background. The researchers say that this type of app behavior could potentially be ransomware if the developers chose to do the extra step of embedding a message on the lockscreen.
"Install Pokemongo" and "Guide and Cheats for Pokémon Go", on the other hand, dangled false rewards like unlimited numbers of game items like Pokéballs and Lucky Eggs to users if they "verify" their accounts. This "verification" would then lead to scareware pop-ups, unauthorized text message subscriptions, scam ads, surveys, and even app downloads.
These Android apps, thankfully, since discovered by ESET, have been removed from the Google Play Store.
So to avoid getting duped by false apps, remember that the official Pokemon Go game is only available through the Apple App and Google Play stores. Even if the game is not available in your region yet, never sideload any versions of the game that are not in the official app stores. It's better to just wait for the official release of the game in your country.
Also, in-game items can only be purchased from the game itself so be wary of any apps that are suggesting otherwise. Apps that are promising easy level ups and free in-game items are almost always fraudulent.
Cheating, use of modified or unofficial software, use of tools to alter or falsify location and selling/trading accounts are also explicitly stated as flaggable on the game developer Niantic's guidelines. Remember, you are risking the suspension or termination of your Pokémon Go account if you violate these terms so please be fair, and most all, just have fun.