I noticed that virustotal detects that some FOSS apps have network communications with google IP addresses.
even though these apps don’t contain a single line of code that communicates with google.
This is an example app
and its virustotal check
A lot of apps have this behavior and I suspect some google opensource libraries like material design.
It could just be from the virtual system that they run the apps in or just from the strings found in it.
1 Like
Ammar64
November 3, 2024, 10:01pm
3
This one doesn’t
It’s in Izzy repo ADB Tool Kits Installer - IzzyOnDroid F-Droid Repository
it doesn’t use a google library and it has INTERNET permission
Why would virustotal systems contact google IPs ?
Because they test the app in the Android Emulator that has a stock system with Google Services… and those contact Google.
The results are not “the app does X” but “the Android system with the app installed does X”.
You can easily test any app, get Netguard, set it to block all, allow some, install that app… look at server it connects to…
Zolidor
November 13, 2024, 8:27pm
6
FYI: Virustotal is owned by Google
2 Likes