SuperSU flagged as PUP

[ticktock666]

I have a rooted SG-Note2 , and I use the SuperSU application for my root permissions

Today, avast started reporting it as Lotoor-PUP

I'm sure it's clean, and other users @ xda forums are reporting the same, so please fix it

I'm assuming it's something like in this thread : http://forum.avast.com/index.php?topic=126811.0

Avast version : 2.0.4993
Definitions : 130629-00

[ds47uk]

I had the same problem yesterday, but didn't uninstall Avast - just let it carry on flagging it. Today the problem seems to have gone away so I assume that Avast have pushed out a new virus database during the night (UK time).

[ChainfireXDA]

It seems the latest updates has removed SuperSU from the malware list.

That's too little too late though. Avast!'s dubious marking of SuperSU as malware has already caused several dozens of 1-star reviews on SuperSU, a drop in average ratings, lost sales on SuperSU Pro, etc. Real money and rep has been lost over *your* mistake.

Inexcusable for an app that actually *uses* root.

So what exactly are you guys going to do about this (in say, the next 48 hours) ? Removing it from the list is certainly not going to cut it.

[cooby]

Just to clarify:
While the subject is the same, the Superuser app I discussed in that other thread is this
com.noshufou.android.su-46-3.1.3.apk, just an older version
and not Chainfire's SuperSU
https://play.google.com/store/apps/details?id=eu.chainfire.supersu&hl=en

Regardless, Avast's detection error makes sense, as superuser can be dangerous, but my main complaint is/was that when a warning appears there is no option to trust it.

[ticktock666]

@cooby

I know it was a different software in your thread, I used it as a reference to show this is not the first time such thing happened

as of now I'm still having Avast showing SuperSU as malware (in the threats window), current DB version 130630(00)

[Lisandro]

I'm still having Avast showing SuperSU as malware (in the threats window), current DB version 130630(00)

You can use http://www.avast.com/contact-form.php for reporting potential false positive (archive or site wrong detections). Thanks.

[ChainfireXDA]

@cooby

I know it was a different software in your thread, I used it as a reference to show this is not the first time such thing happened

as of now I'm still having Avast showing SuperSU as malware (in the threats window), current DB version 130630(00)

Interestingly, it's showing nothing for me with the same DB version. Popped up warnings with 629.

[ChainfireXDA]

Regardless, Avast's detection error makes sense, as superuser can be dangerous, but my main complaint is/was that when a warning appears there is no option to trust it.

No, it does not make sense. Avast is claiming it is a specific certain type of exploit/information stealer, which is simply not true. If it was claiming using root access is a potential security risk, that could be a defendable position, but that's not what it's claiming. This specific warning and root access possibly being dangerous are two completely separate and unrelated things, that coincide merely by chance in this case.

[svehlak]

Sorry, can not reproduce with any version of SuperSU. On all Samsung devices we have (Note II incl.) the scanner is not showing any problem. In such a case, it could be caused some rooting methods, which, in some cases, are done with suspicious exploits, but anyway, until the APK does not contain malware it should not be detected. Officially we do not support custom ROMs and rooted devices, which is hardly good response to false detection though; we deployed a new clean set with SuperSU versions and will try to avoid next issues like this, sorry for that. I checked our release versions of VPS - there is an old detection as a PUP for old superuser application beeing installed on newer devices (where SuperSU should be instead), but nothing more. Thanks for understanding.

[svehlak]

Sorry, can not reproduce with any version of SuperSU. On all Samsung devices we have (Note II incl.) the scanner is not showing any problem. In such a case, it could be caused some rooting methods, which, in some cases, are done with suspicious exploits, but anyway, until the APK does not contain malware it should not be detected. Officially we do not support custom ROMs and rooted devices, which is hardly good response to false detection though; we deployed a new clean set with SuperSU versions and will try to avoid next issues like this, sorry for that. I checked our release versions of VPS - there is an old detection as a PUP for old superuser application beeing installed on newer devices (where SuperSU should be instead), but nothing more. Thanks for understanding.

Dear Chainfire, I really understand your dissappoiment and I am sorry for troubles, but the PUP detection does not mean that the application is malware - many users have PUP set off (they are the users which use mostly rooted devices and custom ROMs&launchers), so this is kind of user behaviour we can not affect very much. Still, as I wrote, we will try to avoid such a problems. If you have any suggestions for other apps of yours, please do not hesitate to drop me an email. Thanks.

[ChainfireXDA]

I didn't see your reply there. Thank you for responding.

According to my info the message only popped up for a period of about 12 hours around the time of the opening post. I've not received any emails about the problem since the 630 definition update.

"s**t happens" sometimes, mistakes are made, if it doesn't happen again, no problem. I might have reacted rather harshly, but dealing with about a hundred emails (even in that short time), not to mention forum posts and 1-star reviews, is not my idea of a fun Saturday night / Sunday morning.

As for PUP not meaning malware, that's all well and good, but this is apparently not how your users see the popup - else they wouldn't email me about it. Perhaps the PUP popup could express this more clearly ?