OneSignal / OneSignal-Android-SDK

OneSignal is a free push notification service for mobile apps. This plugin makes it easy to integrate your native Android or Amazon app with OneSignal. https://onesignal.com

False Positive Virus Detection in APKs with OneSignal SDK[question]: #2154

Closed bGuom closed 3 weeks ago

bGuom commented 1 month ago

How can we help?

We are experiencing false positive virus detections in our Android APKs on VirusTotal and other antivirus scanners. The reports flag our apps as containing "Trojan-Spy.AndroidOS.Agent," specifically when the OneSignal SDK is included. After removing OneSignal from our codebase, the scans show no threats.

We believe this is a false positive detection as OneSignal is a reputable push notification provider widely used in the industry. It is essential to resolve this issue to avoid unnecessary concerns for our users and prevent our app from being falsely flagged as malicious.

Steps to Reproduce:

1. Build an Android APK with OneSignal SDK integrated.
2. Scan the APK on VirusTotal or other antivirus software.
3. Observe the detection of "Trojan-Spy.AndroidOS.Agent."
4. Remove the OneSignal SDK from the project.
5. Rebuild and rescan the APK.
6. Note that the threat detection disappears.

Additional Information:

- OneSignal SDK Version: 5.0.0, 5.99.99
- APK Obfuscation: Yes
- Antivirus Software Used: Virus Total online scan
- App SDK v: 34

We request your assistance in investigating this issue and working towards a resolution to prevent these false positive detections.

jkasten2 commented 1 month ago

@bGuom I am not able to reproduce this with an APK (from the example project in this repo) with OneSignal-Android-SDK 5.1.17 and uploading it to the https://www.virustotal.com/gui/home/upload page.

Are you still able to reproduce the issue with the same APK?

jkasten2 commented 3 weeks ago

We have not seen any other reports of this nor have we been able to reproduce. If you are still able to reproduce this issue and can provide the details above we can reopen this.