Other Google with its Antivirus engine, pose a serious threat to Android Developers

incendio

Well-Known Member
Licensed User
Longtime User
Hi guys,

I just lost my developer account because Google accused my app posted in Play Store as a malware.
They didn't give any warning, just emailed me that my developer account has been terminated due to their malware policy.

Previously, this app considered as a safe app, Play Store accepted it.

One day, I made an updated version then submited again, and suddently it became a malware.

I have also submitted this 'malware' version to online app scanner, virustotal.com and metadefender.
On Metadefender, 1 engine has a warning that it could send SMS, others engines passed. My App doesn't touch any SMS functions, so I guest it was a false alarm.
On VirusTotal.Com, it passed all engines.

I have also insttalled AVG on my phone and let it scanned my app and it was OK.

My App is a bussines app that records users transactions such as sales, purchase, etc and send the data to Cloud Server with jRDC2.

I reverted back all the updated codes, one by one to the last version that considered safe with Play Store, and uploaded it one by one to Google Drive until find out where is the codes that made Google started treated it as a malware.

I uploaded to Google drive because I assume that they have the same engine with Google Play.

When I found that lines of codes, it was totally not made sense for me.
Here is the code that considered safe with Play Store
B4X:
' codes on Main'
Sub Process_Globals   
    Public kvs As KeyValueStore
End Sub

'codes in Starter'
Sub Process_Globals
    Public rp As RuntimePermissions
    Public RptParams As Map
    Public PUB_InstDir As String
    Public Provider As FileProvider
End Sub

Sub Service_Create
    PUB_InstDir= rp.GetSafeDirDefaultExternal("")
    Provider.Initialize
End Sub

Sub Service_Start (StartingIntent As Intent)
    Main.kvs.Initialize(PUB_InstDir, "datastore")
End Sub

Here is the codes that considered as a malware
B4X:
' all codes on Main and other remain the same'
Sub Service_Start (StartingIntent As Intent)
    Main.kvs.Initialize(File.DirInternal, "cfg")
End Sub

When the file location of KeyValue object changed, Google treated it as a malware.
I made a small app that changed the location of Key Value object and uploaded it to Google Drive, and it was OK.
So, it was unique to my app only.

For me it seem that it was a false alarm. I have submitted all arguments to them, but they still refused to accepted it. They kept hide behind their malware policy.

I don't, how, lot of applications could passed Google Anti-Virus engine.
Could it be that there is something in B4A that triggers this false alarm?
Any suggestion, what should I do?

There is other more serious danger than this. It's called Play Protect.
This is an anti virus software from Google, pre installed in every phones/tablets running Android OS and default mode in On.

It runs in background and scan ALL your app in phones/tablets periodically.
When it decided that an app is a malware/virus, it will deleted without any confirmation at all.

Imagine if there is a company, built an in house app use for private only. This app collects datas and stored it on its internal drive before send it to company's server. Suddently, Play Protect treat it as a malware and delete the app and all data.

To me, it seem that Google want TOTAL Control over Android OS. When they installed Play Protect, it didn't ask for user permission, and when it deleted app, also without user permission.

It was already happen to me, my app suddently vanished.
Funny things is, after that I insttaled again and run a scan with Play Protect manually. Now it was considered safe, fews hour later, scan again with Play Protect, still considered safe, don't know if scan again later.

What is the right do they have to delete an app based on their eradic engine?

Yes, Play Protect can be turn off, but it will give bad impression to users, they might think that there is something wrong with your app.

What do you guys think about this? Are there any action we can take againts this ?
Can we protect app made by B4A so it won't be deleted without confirmation from users?
 

AnandGupta

Expert
Licensed User
Longtime User
I told Google that theirs anti virus has a bug & offered the source codes but they simply didn't care.
You are talking to an automated system apparently, I believe.

All these negatives of Google Play store and more has made developers from India to request the Government to create our own store. But yes since Google controls the Android OS, they control all in it and can do whatever they like.

It just makes life of a small time developer a mess. I think I have to spent more time in banging my head with Google than using my head to develop one app, if ever I dare to upload my app to Google Play.

Regards,

Anand
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
You are talking to an automated system apparently, I believe.

All these negatives of Google Play store and more has made developers from India to request the Government to create our own store. But yes since Google controls the Android OS, they control all in it and can do whatever they like.

It just makes life of a small time developer a mess. I think I have to spent more time in banging my head with Google than using my head to develop one app, if ever I dare to upload my app to Google Play.

Regards,

Anand
From the response I got, I believe I was talking to real person.

He is from Google Developers Team.
 
Upvote 0

Diceman

Active Member
Licensed User
There is other more serious danger than this. It's called Play Protect.
This is an anti virus software from Google, pre installed in every phones/tablets running Android OS and default mode in On.

It runs in background and scan ALL your app in phones/tablets periodically.
When it decided that an app is a malware/virus, it will deleted without any confirmation at all.

Imagine if there is a company, built an in house app use for private only. This app collects datas and stored it on its internal drive before send it to company's server. Suddently, Play Protect treat it as a malware and delete the app and all data.

To me, it seem that Google want TOTAL Control over Android OS. When they installed Play Protect, it didn't ask for user permission, and when it deleted app, also without user permission.

It was already happen to me, my app suddently vanished.
Funny things is, after that I insttaled again and run a scan with Play Protect manually. Now it was considered safe, fews hour later, scan again with Play Protect, still considered safe, don't know if scan again later.

What is the right do they have to delete an app based on their eradic engine?

Yes, Play Protect can be turn off, but it will give bad impression to users, they might think that there is something wrong with your app.

What do you guys think about this? Are there any action we can take againts this ?
Can we protect app made by B4A so it won't be deleted without confirmation from users?

Apparently Google thinks it owns your phone where it can damage it by preventing your apps from working. What would happen if these were medical or EMS apps where patient lives were at risk if they suddenly stopped working? A hospital could have hundreds of apps monitoring patient status and if they all shut down, there would be lawsuits flying. This is what happens when someone has a monopoly on store sales. Absolute power corrupts absolutely.

I think they need a good class action lawsuit up their keester. What does the EU think about this? Because they usually protect user software rights a lot better than Americans.
 
  • Like
Reactions: udg
Upvote 0

omarruben

Active Member
Licensed User
Longtime User
so.. LETS CREATE A COMMUNITY that offer safe apps, without Google Play , and make a campaign of trust.... lately these big companies are becoming paws of politicians..
 
Upvote 0

Jeffrey Cameron

Well-Known Member
Licensed User
Longtime User
I quit using Google services for anything important back in 2018 when they quietly dropped the "Don't be evil" from their motto. Now, it's the more ambiguous "Do the right thing," but right for whom? I think the answer to that question will always be "Google."
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
Apparently Google thinks it owns your phone where it can damage it by preventing your apps from working. What would happen if these were medical or EMS apps where patient lives were at risk if they suddenly stopped working? A hospital could have hundreds of apps monitoring patient status and if they all shut down, there would be lawsuits flying. This is what happens when someone has a monopoly on store sales. Absolute power corrupts absolutely.

I think they need a good class action lawsuit up their keester. What does the EU think about this? Because they usually protect user software rights a lot better than Americans.
That was exactly like I thought.

The concept of Play Protect is good, but the implementation is very bad.

It decided all of the actions by itself without human interaction, very dangerous.
 
Upvote 0

Martin Larsen

Active Member
Licensed User
Longtime User
Oh how I know the feeling. My app got suspended on an early stage (internal testing) because it contained harmful Covid-19 information. Well, it had a news item stating that the office was closed due to Covid-19 restrictions, that's all. But I was nearly kicked out of Google Play because of that.

It runs in background and scan ALL your app in phones/tablets periodically.
When it decided that an app is a malware/virus, it will deleted without any confirmation at all.

Well, this is actually not the case. I use Cerberus - sideloaded because Google's updated policies didn't allow it's core functions such as sending stealth SMS'es with location data if they phone got stolen etc. Play Protect consistently warns me about "the virus" but it doesn't delete it. It has been like that for a couple of years.
 
Upvote 0

Diceman

Active Member
Licensed User
Oh how I know the feeling. My app got suspended on an early stage (internal testing) because it contained harmful Covid-19 information. Well, it had a news item stating that the office was closed due to Covid-19 restrictions, that's all. But I was nearly kicked out of Google Play because of that.

Thankfully the people at Gogle Play stopped the harmful information from spreading. No telling how many people could have gotten infected with the "Hours Virus". We would have had an epidemic in "No Time" at all. ;)

Here is what one of the nasty viruses look like under a microscope. (I bet you thought it was a sphere with spikes on it, didn't you?) As you can see from the magnified image below, my mouse accidentally touched the infected sign and is now in quarantine. ?

DailyHoursVirus.png
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
Oh how I know the feeling. My app got suspended on an early stage (internal testing) because it contained harmful Covid-19 information. Well, it had a news item stating that the office was closed due to Covid-19 restrictions, that's all. But I was nearly kicked out of Google Play because of that.



Well, this is actually not the case. I use Cerberus - sideloaded because Google's updated policies didn't allow it's core functions such as sending stealth SMS'es with location data if they phone got stolen etc. Play Protect consistently warns me about "the virus" but it doesn't delete it. It has been like that for a couple of years.
I experienced that my app was automatically removed by Play Protect from my own phone.

It also happened to my customer phone, so no doubt that Play Protect can do that.
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
Was it sideloaded? Maybe Play Protect doesn't remove apps you have installed from the APK file.
It was installed from APK file
Screenshot_20210324_154520.jpg
I can pinpoint the exact line of code when their engine began to treated my app app as a malware.

I have offered them the source codes of my app, but they simply didn't care.
 
Upvote 0

Martin Larsen

Active Member
Licensed User
Longtime User
Maybe Google somehow acknowledges the Cerberus app - afterall, it was a popular and well-renowned app on Play Store before the policy changes threw it out. At least it doesn't anything else than warn me about it. Which is good, because it is a very useful app.

It is somehow the same case with Tasker - a new app wouldn't get the massive permissions that Tasker needs to work. Google probably knows they would get a shitstorm if Tasker was removed.
 
Upvote 0
Top