Avast flags Android APK files as "suspicious file detected" when plugin is included in APK

storesafe / cordova-sqlite-storage

A Cordova/PhoneGap plugin to open and use sqlite databases on Android, iOS and Windows with HTML5/Web SQL API

Other

2.15k stars 715 forks source link

Avast flags Android APK files as "suspicious file detected" when plugin is included in APK #313

Open xmnboy opened 9 years ago

xmnboy commented 9 years ago

We have an Intel XDK developer that has reported a situation where Avast alerts his app that includes this plugin as being "suspicious." We confirmed this to be the case by doing the following:

install Avast on a test device
build and install a Crosswalk app based on the XDK blank template with no additional plugins; APK is not flagged by Avast
add the sqlite plugin to the above blank template app
build and install that app; APK is flagged by Avast.

The threat descriptor provided by Avast is "Suspicious file detected - APK:CloudRep [Susp]".

The Avast app does not provide any info other than the above string. We were not able to find any additional info online about this string either.

Based on this test it seems that the sqlite plugin is causing Avast to flag the APK.

xmnboy commented 9 years ago

Hang on, we have discovered some discrepancies that cause the issue to show up in our cloud build, but not in a local build. I'll keep you posted as we get more info. Put this issue into your "watching" queue for now. :)

brodycj commented 9 years ago

Hang on, we have discovered some discrepancies that cause the issue to show up in our cloud build, but not in a local build. I'll keep you posted as we get more info. Put this issue into your "watching" queue for now. :)

Thanks for reporting this. We do need to treat any security threats or other issues very seriously, and should watch these kinds of reports carefully.

Also, the Android version is not packaged the best way. I put the native target libs in a jar which can cause problems with certain versions of Android. Better to use something like AAR package instead.

Sent from my mobile

brodycj commented 8 years ago

@xmnboy do you have any more information?

If not I will close this one.

xmnboy commented 8 years ago

Avast appears to be overly eager with their notifications. If you side-load an app there is a high likelihood it will be flagged by Avast, simply because the app did not come from a store AND because the app is not recognized by Avast; which, of course, will be the case for the vast majority of apps that are under development. It is not clear why the situation in the link cited above came about, we haven't seen it since. I suggest you close this issue as a "cannot reproduce" until we find a consistent test case that would justify re-opening this issue.

carlobenj commented 8 years ago

Issue still exist on one of the apps I developed for Android. The app is fully signed but not installed from the Google Play Store. Any workaround yet?

hasMobi commented 8 years ago

It seems that Avast flags apps as such whenever the APK was manually installed through the SD card or through an IDE (Android Studio, Eclipse) attached to the device via a USB cable.

If the app is installed through the Google Play Store after publishing, the warning is not there. So it's not really an issue but just Avast being extra protective.