Antivirus reports the in-app message sdk as a malware

firebase / firebase-android-sdk

Firebase Android SDK

https://firebase.google.com

Apache License 2.0

2.28k stars 578 forks source link

Antivirus reports the in-app message sdk as a malware #443

Closed guilhermekrz closed 5 years ago

guilhermekrz commented 5 years ago

[REQUIRED] Step 2: Describe your environment

Android Studio version: 3.4
Firebase Component: Firebase In App Messaging
Component version: 17.1.1

[REQUIRED] Step 3: Describe the problem

Steps to reproduce:

After adding the in-app messaging SDK to our project, users have started reporting that their antivirus apps are flagging our app as a "malware". We could reproduce this issue with the "Avira Antivirus", which identifies that our app is using the "ANDR.Dowgin.BA.Gen" module. After removing the SDK, the problem is solved.

Is this Dowgin module used internally? Is this a known problem? How can we solve this so we can re-add this SDK to our project?

Relevant Code:

    implementation 'com.google.firebase:firebase-inappmessaging-display:17.1.1'

google-oss-bot commented 5 years ago

I found a few problems with this issue:

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
This issue does not seem to follow the issue template. Make sure you provide all the required information.

vkryachko commented 5 years ago

/cc @MeghaB

MeghaB commented 5 years ago

cc @JasonAHeron Thanks for reporting this - we're investigating, and will update when we have more info.

MeghaB commented 5 years ago

Additionally - are you using other Firebase sdks? (Or is it just the FIAM-Display?)

guilhermekrz commented 5 years ago

Additionally - are you using other Firebase sdks? (Or is it just the FIAM-Display?)

I am using the following firebase dependencies, but note that it only detects as a malware when I add the FIAM-Display sdk; after removing it, it stops detecting as a malware:

    implementation 'com.google.firebase:firebase-auth:17.0.0'
    implementation 'com.google.firebase:firebase-core:16.0.9'
    implementation 'com.google.firebase:firebase-messaging:18.0.0'
    implementation 'com.google.firebase:firebase-perf:17.0.0'
    implementation 'com.google.firebase:firebase-core:16.0.9'
    implementation 'com.google.firebase:firebase-dynamic-links:17.0.0'
    implementation 'com.google.firebase:firebase-ml-vision:20.0.0'
    implementation 'com.google.firebase:firebase-config:17.0.0'

MeghaB commented 5 years ago

Thanks for the extra context, that's really helpful as we dig in!

guilhermekrz commented 5 years ago

No problem, let me know if you need anything else!

guilhermekrz commented 5 years ago

Hi, any update on this issue?

MeghaB commented 5 years ago

So unfortunately, this antivirus tagging notes that 'this displays in-app messages that may be used for ad targeting.' As this is a legitimate use for FIAM, while it sounds scary (that it's identified as 'malware'), there's nothing we could change here and still allow FIAM-display to work.

However, both the FIAM-display SDKs are open source - it might be reasonable to attempt to fork those repos and incorporate the UI into your apps directly. Not positive on the details on how the virus detector determines 'UI that could be used for ads,' but that might solve it.

guilhermekrz commented 5 years ago

Ok, thanks!