Android Question B4A and Avast Antivirus

[pfillion]

Hi,

Yesterday I started to receive errors from Avast Antivirus when I compiled a project with B4A 4.0 that got installed on my device.

Avast reports "1 problem found" in its notification entry. If I go inside Avast by selecting the notification entry, it shows « B4A Example Suspicious file detected - Cloud Reputation [Susp] ». This is with a simple compilation (either debug or release) of a newly created, unmodified project.

Of course, I know there is no problem but was wondering if any of you had the same error. I'm wondering that If I update my app and distribute it to users that runs Avast that they may complains and worst start receiving bad reviews.

I uninstalled Avast and re-installed it. The definition was dated 141111 instead or 150108. I tried the same test and did not receive any warning. As soon as I updated the virus definition file and tried it again, I got the warning. So i know the problem is on their side.

I think that someone from Anywhere Software should check with Avast as to why it detects a suspicious file in B4A projects.

It's hard to get a good ratings for our apps and un-experimented users may report 1 star rating if they happen to experience this same error.

If you have the same error, please let me know.

 

[RandomCoder]

Hi @pfillion I've never experienced any problems with Avast and B4A. I'm currently running on Avast updates 150108 and I have a couple of apps compiled with B4A version 4.
Is it possible that you've not renamed your project and so it's still called B4A Example? Not sure why this would flag up the error though unless Avast have registered suspicious Apps with that same name?

I've been a long time user of Avast and highly rated it, especially the PC version. I used to use AVG but discovered that Avast was much better and actually appeared to be protecting my system.

 

[Cableguy]

False positives are bound to happen... I think that, due to the default generic naming of your project, if any other b4a AND avast user has had a similar file infected or flagged and t no action to de-flag it, then sooner or later alerts of this kind are bound to happen. Report the false positive so that it gets cleanned from the suspicious list.

 

[pfillion]

False positives are bound to happen... I think that, due to the default generic naming of your project, if any other b4a AND avast user has had a similar file infected or flagged and t no action to de-flag it, then sooner or later alerts of this kind are bound to happen. Report the false positive so that it gets cleanned from the suspicious list.

I did reported it. I also tried it with old projects that were previouly OK that have different names and they were also reported. I don't think it's related to the name of the project but maybe a file common to all of them.

I would just need someone else to test to confirm.You are right that it should be cleared over time. Just hope that it will not cause 1 star reviews in the meantime.

 

[Cableguy]

I did reported it. I also tried it with old projects that were previouly OK that have different names and they were also reported. I don't think it's related to the name of the project but maybe a file common to all of them.

I would just need someone else to test to confirm.You are right that it should be cleared over time. Just hope that it will not cause 1 star reviews in the meantime.

It shouldnt because the projecto files are nota what you put on playstore, you put only the apk wich is a modified zip file. If your apk is not flagged by avast, them it shouldn't be any problem.

 

[RandomCoder]

For the first time today I too have had a couple of false positives because I downloaded and tested a couple of samples from the forum last night. One was named B4A Example and the other was AppCombat. I've reported both as false positives.
At least it's nice to know that Avast is doing something in the background!

Although I understand @pfillion concerns, I tend to agree with @Cableguy that this would have been unlike to happen with an actual compiled apk.

 

[pfillion]

I tested it today. Even if I change the package name, it is still detected as a "Suspicious file detected - Cloud Reputation [Susp]". So it's not related to the package name.

I also compiled an APK, then sent it to another test phone I have, that have the same Avast version, and installed it from the SD card. It was also detected as suspicious. So even an APK is detected after installation. So that means that they will get the problem if they install a new APK version from Google Play.

I'm delaying my app update and really see it as a problem... I reported many compiles of different projects as false positive but nothing seems to change on Avast side.

In fact, I installed a build I did 2 weeks ago and it got flagged. I reinstalled my previous version an it did not. Something must be flagged in recent compiles. Otherwise, it would have detected it from old compiles... Or maybe it is something updated in SDK manager... I recently updated the Android SDK Tools, Platform Tools and SDK Build-Tools to the latest version. I downgraded the Android SDK Tools, Platform Tools and SDK Build-Tools and it did not make any difference.

I'm puzzled as to why this is happening...

 

[RandomCoder]

I think that only @Erel will be able to properly answer this one.
Are you saying that it happens with all newly compiled Apps? Or maybe it is only Apps that use a particular library?
My UPNP Browser which I added to the play store last week appears to be OK (https://play.google.com/store/apps/details?id=b4a.upnpBrowser&hl=en_GB), but it only uses a handful of libraries and doesn't require many permissions.
Maybe Avast only flags your Apps as suspicious if using a particular permission?
We really need to try and narrow down what triggers the fault.

 

[Erel]

Nothing special has changed in v4.00 that makes the apps more "suspicious".

 

[pfillion]

I know that nothing special has changed in v4.00 and that it's not directly related to B4A. It was not happening a month ago. I also tried to reinstall v3.00 and it is happening with that version too.

RandomCoder: Can you try this? Install Avast! if you do not have it and make sure you have the latest virus definition. Create a new project, save it, rename its package name and #ApplicationLabel then compile it and run in on your device. Either by pushing it like you do for all your project or by compiling an APK and transfering and installing it on the device. Right after it gets installed Avast will check the app and you'll get the warning. Let me know if you have the same result has me.

I think that I will try to boot an old backup of my virtual dev machine and compile a project to see if it is affected with the problem. Maybe this will guide me to a lead as what's causing this.

I just thought that since it will happen to all the dev that are using B4A that it is worth investigating to find out if something could be white listed on Avast! side to prevent this false positive.

 

[RandomCoder]

RandomCoder: Can you try this? Install Avast! if you do not have it and make sure you have the latest virus definition. Create a new project, save it, rename its package name and #ApplicationLabel then compile it and run in on your device. Either by pushing it like you do for all your project or by compiling an APK and transfering and installing it on the device. Right after it gets installed Avast will check the app and you'll get the warning. Let me know if you have the same result has me.

This appears to be very bad. I did as you said, created a new project under a new name using only a label and no libraries then installed it to my device and it immediately got flagged as suspicious by Avast. I even tried signing it with the debug key instead of my private key and it still got flagged. Looks like something in Avast has probably changed but how do we go about rectifying that?

The app @udg created and uploaded to the 'share your creations' forum also suffers with the problem along with AppCombat which is part of the Android SDK!

 

[jd777]

Just found this thread googling but it seems to be happening all over https://feedback.avast.com/responses/custom-application-on-android also found some guy in the G+ Android Studio tools community with this issue. Maybe if enough people shake the Avast tree it will get fixed. Just throwing y'all a heads up.

 

[Bill303]

I stumbled across this forum after searching the web for a similar issue regarding this error message (Suspicious file detected - Cloud Reputation [Susp]) this error message appears in Avast antivirus software on my developer tablet the application that I'm developing does not require too many special permissions the only thing that I noticed is that my program requires native code in order to function has anyone found a solution regarding this issue.

 

[udg]

Just to add some data, hopefully useful to better define the problem.
My program was compiled with B4A version 3.80 and latest installed Android SDK is 17. Libraries used: Core (3.80), Reflection(2.40), StringUtils(1.02) and my own dgPickers(0.20) which doesn't make use of any additional lib.

After reading all the comments above, I agree with @RandomCoder's statement

Looks like something in Avast has probably changed but how do we go about rectifying that?

BTW, in my born town dialect "Avast" stands for "Enough!", "Stop!", a nice name for an antivirus aimed at blocking threats

 

[pfillion]

Hi,

Just reinstalled my project with Avast updated definition 150114 and it did not detect it as suspicious. Yé!

Avast updated their app but it's not related to the app update because I also tested the same app on my other phone that still has the old version and it reacts the same. So it's not Avast but the definition that seems to be fixed. If anyone can reinstall their app to confirm.

The stange thing is that Avast (the one on the device that I did not update) notification entry still shows 1 problem but if I select the entry to go in Avast I see a green panel saying that all is OK. I had to do a full scan to update the notification message.

Please let me know if it works for you. If your copy is not updated, try to reinstall to see if you still get the message. Update the definition and try to reinstall to see if it still detects it.

Hope that it's all fixed so I can release my update...

 

[pfillion]

It seems it still happen before the update even with the 150114-00 definition.

If you go in Google Play and update Avast, it did not happen again.

 

[RandomCoder]

I can confirm that the nuisance warnings appear to have stopped now.

 

[pfillion]

RandomCoder: You had to update Avast app to the latest version ?

On my secondary device without the app update and with 150115-00 it still happen. On my primary device with the new version of Avast it's fixed.

I guess I will put a note in my release comments to the users to update to the latest version if they have a false positive.

 

[Peter Simpson]

I always use Avast and have done so for years. I will admit that even though I've not had any issues with B4A of its projects, Avast does on some occasion (whilst I'm developing in VS 2013) through up some false positives for no reason whatsoever.

 

[pfh]

The warning from Avast is fired every time I deploy an app to my device. I told the Avast-Guys that the message is a flase positive.
(B4A 4.30, Avast 150429-00)