Android Question Avast detected Malware in my APP !

[Paulsche]

After an update release on Google Play Store, I get reports from users that my app contains malware.
How can I determine where the problem is?

 

[Widget]

It could be a fake Avast AV program displaying the error after your user visited a website with malware.
https://blog.avast.com/2013/09/11/fake-antivirus-android-application-discovered/
http://news.softpedia.com/news/Avas...-and-Alternative-Android-Markets-269380.shtml

 

[Paulsche]

i have now installed the Mobile Avast Security from Google Play Store and i have now the same Problem
after compile, the installation stops and I get the same message.

With this Update i have integration the Google-Drive Backup with the LibGoogleDrive.
And ArchiverPlusZip.

Now, i remove the Lib ArchiverPlusZip, then the message has change (Att.Picture).

 

[Widget]

Have you done a virus scan on your Windows computer with Avast and MalwareBytes? Maybe you do have a virus or malware on your development machine that has infected your app? Either that or one of the libraries you are using was used by a virus and Avast now flags any program that uses that library.

There a over a dozen online AV scanners that you can upload your Android app to to see if they find anything wrong with it.
https://www.lifewire.com/online-virus-scanners-153148

 

[Erel]

Worth reporting it as a false positive: https://www.avast.com/false-positive-file-form.php

 

[Paulsche]

Now, Avast Desktop found the same Malware after compile, see att. Picture .
I have now install B4A new on a other Notebook and download the Libs from Web,
the same Message from Avast.
I am desperate and do not know what more I can still do, the users rate accordingly bad in the store.

Now, i have contact Avast and hope that Avast can clean the problem !

 

[mindful]

i have now installed the Mobile Avast Security from Google Play Store and i have now the same Problem
after compile, the installation stops and I get the same message.

With this Update i have integration the Google-Drive Backup with the LibGoogleDrive.
And ArchiverPlusZip.

Now, i remove the Lib ArchiverPlusZip, then the message has change (Att.Picture).

The CloudRep that avast is pointing out might be because: the APK:CloudRep [Susp] is a warning-like message for applications that are very new/rare/previously unseen in our userbase.

Please check for more info: https://forum.avast.com/index.php?topic=179031.msg1267196#msg1267196

 

[Paulsche]

Now, i created a small Test-APP and activated only the Libs that in my Big APP.
Avast detected Malware again.

Now, i deactivate "Phone" Library, now the message no longer comes.

I test further

 

[DonManfred]

SideNote: You should update httputils and http lib with okhttputils and okhttp

Earlier or later you´ll run into problems if you continue using deprecated libs

Starting from android 6 httputils will not work anymore.

 

[Paulsche]

SideNote: You should update httputils and http lib with okhttputils and okhttp

Earlier or later you´ll run into problems if you continue using deprecated libs

Starting from android 6 httputils will not work anymore.

Thanks for the info. I have now changed the Libs,
the malware message comes anyway, so that was not the problem.
If I disable the Lib "ArchiverPlusZip", the message no longer comes and the file "Classes.dex" is clean without found Malware.

But now comes the attached message during the installation.

 

[DavideV]

Hi, this last message means that Avast doesn't recognize your app as it is a (i think) new app and it's not in their database. Doesn't mean it has a virus.
Avast (and other) are a very very bad antivirus , i would like to give them -10 starts on playstore ....
As Erel said, send them the form as false positive. I did it days ago but still get this message... maybe one day they will update the database... very bad!

 

[Widget]

If more software developers sued Avast for lost revenues (and future revenues) as a result of their false positives on their software, maybe Avast would confirm a virus exists before throwing up a malware message that could destroy a developer's reputation and possible bankrupt his company.

 

[Paulsche]

My app now has over 70000 downloads and the APP is now badly evaluated. I have Avast now several times, I hope they can fix that. Strangely, my other APP, which I have not updated yet, can be installed in the Play Store without problems. Only if I repackage the new without a change to make, also a message of Avast is recognized.

 

[Paulsche]

Avast has removed the wrong message!
I am happy.

 

[DavideV]

Avast has removed the wrong message!
I am happy.

It seem they has done the same with some of my apps, it tooks some days after the form was sent..

Note that if you install Avast 'after' your apps and do a scan probably they appear 'safe'.
If you reinstall your apps (same app, package and version) via B4A usb adb or bridge they appear as malware. This is probably due to the usb debug installation mode that is considered a risk for your device.

In this case you can try this:
Install your apps (updated or not) via B4A usb/bridge.
Go to settings/apps/Avast and delete data and cache, restart Avast and perform a virus check, the malware should gone...

 

[Paulsche]

Thanks, Just so it is, I'll try this tonight.

 

[Widget]

Avast has removed the wrong message!
I am happy.

I'm glad you got it fixed.

I have a couple of suggestions:

1. I would contact Avast and ask them how developers can prevent this from happening in the future.
2. I would show Avast a link to your app on Google Store and the negative ratings you got from their false positive.
   I would see if Avast is willing to rectify the damage caused to your reputation and lost revenues by having Avast post a notice on the Google Store that Avast generated a false positive and your software was not infected after all. I think that is the least they could do for putting you through a weeks worth of hell.

These are just my suggestions and is what I would do if it happened to me.
If it happened to me and Avast was not willing to correct my damaged reputation, then I would contact my lawyers and seek compensation from Avast through the courts. Avast has to be held liable for damages inflicted by generating false positives otherwise they will never fix the problem. That's my opinion. You may or may not agree with it.

 

[Lee Gillie]

360 Security (under Android) is also detecting my B4A app-in-works when debugging as malware. I see this on both a Samsung tablet and a Samsung phone.

360 Security provides an option to IGNORE messages about any specific app. But if I share my app with anyone, I'm reasonably sure they will see it as malware as well. Much less if this goes further and I want to push it to the play store one day.

For me, this is all recent since upgrading to Android 8.0 under B4A 8.0. I have never seen malware reports on ANY of my B4A work before.

I keep my development workstation clean with Norton.

 

[William Hunter]

I too use Avast on my Android devices. It's weakness is that it only reads permissions to assess whether an app may be dangerous. I get the MAY BE DANGEROUS alert with any of my apps that have Internet access. I just click on Ignore and problem solved. This is not a solution for those having this situation with apps on Google Play. It is not what I would call a false positive. Nor is there something a developer can change in their app to prevent this alert from showing. It's simply a case of Avast not giving consideration to the fact that most users will not see this alert for what it is. It is simply ineffective window dressing.

Regards

 

[Erel]

For me, this is all recent since upgrading to Android 8.0 under B4A 8.0.

It is not related to the B4A version.