AfWall 4.0.2 F-Droid build flagged as malicious

Hi folks!

The F-Droid build of AfWall 4.0.2 made 5 engines on VirusTotal go crazy:

The build directly from GitHub was fine, on the other hand.

The developer of AfWall suspected a false positive because of gcc statically compiled binaries and released a new version with NDK binaries. But he had no explanation for why his build didn’t trigger any engines, while the F-Droid build did. More context here:

There was no issue with 4.0.1 and 4.0.3 from F-Droid, by the way.

Anyone with more expertise than me care to investigate? Is it possible that the build process from F-Droid got compromised?

So it’s fixed now?

I mean yeah, 4.0.3 seems to be clean, but unfortunately I installed 4.0.2 from F-Droid before finding out about the VirusTotal reports, and my phone behaved strangely after that (first no networking, then boot loop after restart), so that’s why I am kinda worried.
The loop stopped after denying root access to AfWall, but I’m not really trusting my phone at the moment.

The build process is automated, from the upstream source. Looking at that issue most things were explained.

When testing an APK on VirusTotal, make sure to make a fresh test, a “rescan now” basically, so it does not use past results for one APK and current results for another. Antivirus data changes, hence results change with time (better or worse).
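
To narrow down why one build of the same version is flagged and another is not, as with the F-Droid and GitHub builds in this thread, it helps to see which files inside the two APKs actually differ. The following is an added example, not code from the thread or from the AFWall+ or F-Droid projects; the function names, the placeholder entry path and the sample contents are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Signature files always differ between two signers (F-Droid vs. upstream),
# so they are excluded from the comparison.
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "MANIFEST.MF")


def entry_hashes(apk):
    """Map each non-signature entry of an APK (path or file object) to its SHA-256."""
    hashes = {}
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue
            if name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES):
                continue
            hashes[name] = hashlib.sha256(zf.read(name)).hexdigest()
    return hashes


def diff_apks(apk_a, apk_b):
    """Return entries only in A, only in B, and present in both with different content."""
    a, b = entry_hashes(apk_a), entry_hashes(apk_b)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }


def make_sample_apk(entries):
    """Build a constructed in-memory APK-like zip for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed sample data, not the real APKs; the entry path is a placeholder.
SAMPLE_UPSTREAM = {"classes.dex": b"dex", "res/raw/placeholder_native_binary": b"build-a",
                   "META-INF/CERT.RSA": b"upstream-sig"}
SAMPLE_FDROID = {"classes.dex": b"dex", "res/raw/placeholder_native_binary": b"build-b",
                 "META-INF/CERT.RSA": b"fdroid-sig"}

if __name__ == "__main__":
    print(diff_apks(make_sample_apk(SAMPLE_UPSTREAM), make_sample_apk(SAMPLE_FDROID)))
```

Entries listed under `changed` are the ones worth submitting individually for a fresh scan, since they are where the two builds diverge.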