There's also the story that there might be a hacked version of Pokemon Go out there. Sure enough, with anything that popular, those that wish to do nefarious things are apt to want to get in on it. Add in the fact that the roll out of the official version has been slowed or halted, the only way for someone to get their hands on the game for Android was to find an APK and sideload it.
Usually sideloading isn't much of an issue ... if you trust your source. But, just in case you may want to check it out.
There's a couple ways to check if your copy is clean or not.
1 - check the 'hash' of the APK - you can click the link and see what string appears - the clean version will produce:
2 - check what permissions the app is asking for. When you sideload an app there'll be a pop up saying what permissions the app is going to have access to. You have to say 'ok' for it to load up. If anything looks out of place, just say no.
If you have a clean version it'll look like this:
If you have a modified (not so good) version, it'll add in the following:
If you had already installed the app, you can still go into Settings / Apps / Pokemon Go and click the permissions tab and see what's allowed.
Again, this is an instance where a little bit of common sense will definitely have helped you. Why would a game want to access your bookmarks, directly call numbers, etc...
I've checked the version I downloaded from APK Mirror the other day and it checks out okay.
Source: Proofpoint via PhoneArena