@SkewedZeppelin it’s not a false positive, 13 antiviruses recognize it, not just two.
@Licaon_Kter I know it’s an outdated app, but if 13 antiviruses recognize malware it’s better to remove it from circulation than to distribute it and cause possible damage… there are other apps for the same use anyway.
Open source is not about putting your head in the sand and denying, but about acting and remedying… otherwise we’re like M$.
If I have to have apps with malware I might as well get them from pirate stores.
The other apps I took from F-Droid have no malware… but if things change Google would be wise to deny the possibility of taking apps from F-Droid… think about it.
If you doubt 13 antiviruses then how many does it take to convince you?
Do we want to repeat the XZ story but in a more stupid way?
@Licaon_Kter Have you ever heard of VirusTotal? It’s a site where you can test whether an .exe or an .apk is malicious with 69 antiviruses. If you’re not convinced by my statements, try it yourself, but I’ll post a photo for you.
@SkewedZeppelin Glad you checked the old way… unfortunately the antiviruses when they find a result don’t explain why.
At the moment I have in mind to strengthen the ClamAV definitions because with only the open source ones it is not of much use.
When I go to “dirty” sites I use a browser on purpose… and the Malwarebytes add-on occasionally marks something, I just don’t go there anymore, better to be too safe than not enough.
I repeat that the apps I take from F-Droid did not have any malware except this one, and I would also add that I scanned the sources with VirusTotal and no antivirus reported malware, but a lot of tricks are used to load malware.
Here they say that Android Agent.BJS! is a very bad malware… that creates DDoS and loads other malware… but I had already blocked it from accessing the network with NetGuard.
Exactly why I ironically said “Surely you’ve got details from those 13 antiviruses about how and when the bad stuff happens”, because we see this all the time: false positives named “Generic.Android” or dumber names.
They keep drumming the “other stores malware”, even in the latest EU DMA meeting @hans asked them directly “you say there’s malware, where can we see your data?” and the Google guy made jokes about “Hans from F-Droid? what is this a bot?” but 10 mins earlier the big screen had slides from Google with a phone home screen and F-Droid installed.
Why is this treated as malware? Ask the devs… “for security” reasons Google rejects 99.99% of apps requesting SMS or Contacts permission, so I bet that is it, as @SkewedZeppelin tested above.
VirusTotal’s static analysis for domains will automatically resolve to an IP even if the app never actually connects,
and common XML schema types in files will have such Google URLs in them.
They are no indication of any activity.
It was nice chatting with more experienced people, now I want to find some other app with telephone issues and test it, understand if it is reported for some reason… which is not a reason.
If an app contacted various IPs that are perhaps not useful for searching for updates it would be sensible, but it is clear that if it contacts Google’s IPs it is not to perform a DDoS.
However, I block all apps that shouldn’t go online from going online, both for my reasons and theirs. If an app doesn’t clearly provide this for “service purposes” then I close it.
Thanks again.
P.S. I made another discovery: it was for statistical reasons, that is, the developer wanted to know if they played it…
This IP (216,239,34,36) is in California, and is connected to malware… but also to statistical domains, as if the two things were confusing one another.
But if you do statistics then if there was malware the two things would appear connected even if they are not.
Maybe it’s better to stop, otherwise we’ll sleep badly.
But we need to change the title of the post to “everything is now so confusing that those who create definitions for antiviruses think that statistics are a virus”