search

indrora / Atomic

Atomic: an IRC client from the ashes of yaaic
https://indrora.github.io/Atomic/
GNU General Public License v3.0
123 stars 29 forks source link

Atomic is recognized as a Possibly Unwanted Application #29

Closed MickaelBergem closed 10 years ago

MickaelBergem commented 10 years ago

On my Nexus 10 tablet, with Avast as antivirus, I got a warning today for Atomic being a Possibly Unwanted Application (Pircob-F).

It seems Avast is not the only scanner giving a positive result : https://www.virustotal.com/fr/file/eddf376b1d5133df17629ae90c7577c74a2c9d742a08a65c9f5a0f9376e16418/analysis/

Maybe you could contact the guys from Avast & co. to discover why Atomic is seen as malware ?

indrora commented 10 years ago

I suspect it's because of the compatibility layers for older versions of android. From VT:

The studied DEX file makes use of API reflection

application/src/indrora/atomic/irc/IRCService.java line 78:

    @SuppressWarnings("rawtypes")
    private static final Class[] mStartForegroundSignature = new Class[] { int.class, Notification.class };
    @SuppressWarnings("rawtypes")
    private static final Class[] mStopForegroundSignature = new Class[] { boolean.class };
    @SuppressWarnings("rawtypes")
    private static final Class[] mSetForegroudSignaure = new Class[] { boolean.class };

This is referenced in the Android documetation: http://developer.android.com/reference/android/app/Service.html

I'll refactor this later. Honestly, anything signed by the F-Droid signing key should be excluded :-1:

indrora commented 10 years ago

Contacted Avast security team. They're aware of problems like this and shrug it off regularly.