Topic: Problem: "Suspicious file detected - APK:CloudRep [Susp]" log message received


Ryan Cheung

Hello,

I built two APK files for my apps.
When I installed and then opened each of the apps, Avast checked the app first.
After checking, I found that one APK was checked as safe; however, the other was checked and received a "Suspicious file detected - APK:CloudRep [Susp]" threat log message.
Could anyone tell me what changes to the apps would cause this message? (e.g. uses-permission, release keystore or something else?)

Thanks for the help!

Ondřej David (Avast team)

Hello,

the APK:CloudRep [Susp] is a warning-like message for applications that are very new/rare/previously unseen in our userbase.

There are various reasons as to why one of the apps is detected and the other is not, the most probable of which is that the first one has already been installed on a few devices previously. Other reasons may include that it has been installed from a trusted source, like Google Play or similar, or that the app is signed with a trusted certificate.
It is hard to tell the exact reason for the warning showing only on the one app if we do not have the samples at hand or at least their sha256.

Also if you are a developer, there is an option to disable these reputation-based services in the 'App shield' for AMS4 and 'Settings -> Real-time protection' in the new AMS5.

I hope this answers your question.

Best regards,
Ondrej

Ryan Cheung

Hello Ondrej,

Thank you for your reply!

Recently, I built a new testing APK file and then installed it on my phone. However, the log message still occurred.
Please ignore, temporarily, the possible reasons you mentioned (because I cannot test them at this moment); could you please check the testing app (SHA256: 1dac62209eebd33f65efc9594eb9490e7f971428ea56e232fdb45e5bd05eb5d8)?

Thanks & Regards!
Ryan

Ondřej David (Avast team)

Hello Ryan,

the issue for the sha you provided should be resolved, it is now marked as clean. It was one of those new/rare/previously unseen samples in our userbase issues.

Also for you, for development purposes, you might consider disabling these reputation-based services in the settings.
Once you publish an official release on the Play Store (or similar), you should not see any such warnings anymore.
In any case you can always report it as a false positive and someone from our viruslab will check it and mark it as clean.

Regards,
Ondrej

Ryan Cheung

Hello Ondrej,

Thank you for your reply again!

For my situation, I need to place an APK file on a website for visitors to download.
Hence, I want to avoid displaying this threat log when people install my app (any APK files exported from my app).
Is there any solution to avoid this checking? (Providing that my app is already uploaded to Google Play Store and is certificated)

Thanks & Regards!
Ryan

Ondřej David (Avast team)

Ideally send it as a False Positive here: https://www.avast.com/contact-form.php?subject=VIRUS-FILE https://www.avast.com/false-positive-file-form.php or directly through the app and we'll process it.

Regards,
Ondrej
« Last Edit: January 13, 2016, 10:42:31 AM by Ondřej David »