Friday, September 16, 2016

Pokemon R00t - I choose you!

Half a million users have downloaded a Pokemon Go app that pwns their phone:
An Android app masquerading as a guide for Pokemon GO players is rooting devices and secretly installing adware and unwanted apps on the user's smartphone. 
The app, named Guide for Pokémon Go, made its way onto the official Google Play Store, from where over 500,000 users downloaded and installed it on their smartphones.

Remember Borepatch's First Law of Security: "Free download" means "Open your mouth and shut your eyes."

 Let's be careful out there.

1 comment:

Rick C said...

It just occurred to me I'd like to hear a bit more specifics about this kind of thing. Presumably they mean temporary root, because on most modern Android phones, they're locked down so you can't get root except via an exploit, and those are usually different for each phone, and frequently require a couple of reboots, running shell scripts from your PC, and so on.

Temp root's not good but it goes away when you reboot.