Virus - Signal Generator


#1

The fdroid built apk of my app org.billthefarmer.siggen_109.apk appears to contain a virus UDS:DangerousObject.Multi.Generic according to Kaspersky antivirus, both on android direct from your repo and downloaded on a desktop. The directory structure of the resources in the apk is not as per the sources on Github.


#2

We received false positives quite a lot actually, nonetheless we take
such reports quite seriously. You haven’t added a 109 apk to your
github releases, so it’s hard for me to actually compare them. For
now, looking at the sources (tarballs from your releases page and
our tarball published along the apk), I don’t see a difference:

krt@ubuntu:~/signal/src$ diff -r siggen109fdroid-src/ siggen109upstream-src/
Only in siggen109upstream-src/: gradlew
Only in siggen109upstream-src/: gradlew.bat
Only in siggen109fdroid-src/: local.properties
krt@ubuntu:~/signal/src$ cat siggen109fdroid-src/local.properties 
sdk.dir=/home/vagrant/android-sdk
sdk-location=/home/vagrant/android-sdk
ndk.dir=/home/vagrant/android-ndk/r12b
ndk-location=/home/vagrant/android-ndk/r12b

Right now, I am waiting for the verification server – see
https://verification.f-droid.org/ – to publish details on
the current batch of new apks, including 109 of your app.


#3

Looking at the resources after build, I get a diff as well:

krt@ubuntu:~/signal/src$ diff -r siggen109krt-apk/ siggen109fdroid-apk/
Only in siggen109fdroid-apk/META-INF: 6A91F497.RSA
Only in siggen109fdroid-apk/META-INF: 6A91F497.SF
Only in siggen109fdroid-apk/META-INF: buildserverid
Only in siggen109fdroid-apk/META-INF: fdroidserverid
diff -r siggen109krt-apk/META-INF/MANIFEST.MF siggen109fdroid-apk/META-INF/MANIFEST.MF
4a5,136

Doesn’t look too serious, and most likely is the same variation you see
on https://verification.f-droid.org/org.billthefarmer.siggen_106.apk.diffoscope.html
for the 106 build. They might be caused by different versions of used
build tools and such, maybe @hans can explain this a bit more in
detail.
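
The hand comparison in posts #2 and #3 can be scripted so that signing artefacts are set aside and only real content differences are reported. This is an added example, not part of the original posts or of F-Droid's tooling; the function names are hypothetical and the two archives are constructed stand-ins, not the real siggen APKs.

```python
import hashlib
import io
import zipfile

# Signing artefacts that differ between a signed repo build and an unsigned
# local build; the two server-id names are taken from the diff in the thread.
SIGNING_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")
SIGNING_NAMES = {"META-INF/MANIFEST.MF", "META-INF/buildserverid",
                 "META-INF/fdroidserverid"}

def is_signing_entry(name):
    return name in SIGNING_NAMES or (
        name.startswith("META-INF/") and name.upper().endswith(SIGNING_SUFFIXES))

def entry_digests(apk):
    """Map each non-signing entry of an APK (path or file object) to its SHA-256."""
    with zipfile.ZipFile(apk) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist()
                if not i.is_dir() and not is_signing_entry(i.filename)}

def compare_apks(local_apk, repo_apk):
    """Return entries present in only one build and entries whose bytes differ."""
    local, repo = entry_digests(local_apk), entry_digests(repo_apk)
    return {
        "only_local": sorted(local.keys() - repo.keys()),
        "only_repo": sorted(repo.keys() - local.keys()),
        "changed": sorted(n for n in local.keys() & repo.keys()
                          if local[n] != repo[n]),
    }

def make_apk(entries):
    """Build a constructed in-memory archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf

# Constructed sample data, not the real siggen APK contents.
COMMON = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-bytes"}
LOCAL = make_apk({**COMMON, "resources.arsc": b"arsc-v1",
                  "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
REPO = make_apk({**COMMON, "resources.arsc": b"arsc-v2",
                 "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nName: x\n",
                 "META-INF/6A91F497.RSA": b"sig", "META-INF/6A91F497.SF": b"sf",
                 "META-INF/buildserverid": b"id", "META-INF/fdroidserverid": b"id"})

print(compare_apks(LOCAL, REPO))
```

An empty result across all three lists means the two builds carry the same payload; an entry under `changed` such as `classes.dex` is what deserves a closer look with a tool like diffoscope.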


#4

I removed the apk from the releases page as it was downloaded from
f-droid and the Kaspersky antivirus app deleted my copy. I don’t sign my
apps, so people who download them can upgrade via f-droid.


#5

I think it must be a false positive. I just rebuilt version 1.09 from my
sources and Kaspersky deleted the release classes.dex file.


#6

I don’t think it is a false positive. I was not sure which app messed up my phone; I had installed several. One of them was signal generator. I had to factory reset. Reinstalled most of the apps but not signal generator. No problems since then.


#7

Exceedingly unlikely. This thread was about version 1.09, the app is now on version 1.12. Phones get messed up and need resetting for lots of reasons other than viruses, which are designed not to be detected.


#8