Your library in maven is causing a security threat

[albertovelazmoliner]

Hi,

Your library looks fantastic, but unfortunately, I cannot use it. Your sample app in this repo works fine, but when I'm adding this dependency to my build.gradle in a new brand project:

dependencies {

    ...

    // Provides the utilities needed to use Vico in Jetpack Compose.
    implementation "com.patrykandpatrick.vico:compose:1.6.2"

   ...
}

I'm getting this alert. First time I'm seeing this alert

Maybe the artifact in maven is corrupted or infected. Thanks again for your library 👍

[patrickmichalik]

Hello! Thank you for the kind words. This warning, generated by Avast Antivirus, is a false positive. There have been instances of a similar error occuring for Google Allo, among other apps—see here. All Vico artifacts are scanned for security vulnerabilities. Here are the scan results for the latest version of the compose module, which confirm that it contains no known vulnerabilities.

[albertovelazmoliner]

Hi again, It's happening only in real devices, not in the emulator, and I don't have installed Avast Antivirus. We're doing some POCs as we want to use this library in our app, but this security threat concerns us a little bit. Our app is going to manage real money 😅 Update: Yes, I'm testing in a Huawei device. Some of our users have Huawei devices, so I'll need to check if I can remove this alert on those devices. Thanks for fastest answer ever on an issue on Github 👏

[patrickmichalik]

To clarify, it is my understanding Avast Antivirus is pre-installed on Huawei devices and powers EMUI’s vulnerability detection. You wouldn’t have to install it to see such warnings. Unfortunately, like any other piece antivirus software, Avast Antivirus can sometimes identify harmless files as unsafe.