Where to report potentially problematic packages?

The app in question is SMS Matrix. VirusTotal has labeled it as “SUSPICIOUS”, not definitively problematic, which could mean I contributing FUD unnecessarily, which is why I didn’t include the app name in the title and also include this note and similar ones as part of the GitHub issue.

Speaking of, I did create an issue on the project’s GH page but the last update the app received was 2 years ago and the last issue created prior to mine is 7 months old so it appears that it may be abandoned. As such, I didn’t want to wipe my hands of it just yet / I felt the need to bring it to the attention of the good folks at F-Droid.

I won’t go into the whole song and dance, just check out the GitHub issue I created but in addition to that, here’s the VirusTotal link highlighting the 6 red flags found upon scanning the SMS Matrix APK (v.0.0.16), one of which has Trojan in the name… I know occasionally VT can raise flags where there is no need for concern but that strikes me as something difficult to explain away. I, for one, have uninstalled the app until I or someone else is able to confirm or deny the suspicions raised by VT. If you could let me know by DM or at the email left on the GitHub issue I created, I’d appreciate it immensely!

ATTENTION: SMS Matrix labeled "Suspicious" per VirusTotal - several flags raised upon APK scan · Issue #86 · tijder/SmsMatrix · GitHub

PS - hyperlinks galore, added for your convenience :stuck_out_tongue_closed_eyes:

Not sure if it’s flagged because its behavior. It receives an SMS and do some action which looks like a trojan. The source code is quite simple though. SmsMatrix/app/src/main/java/eu/droogers/smsmatrix at master · tijder/SmsMatrix · GitHub