Author Topic: Possible False Positive on Android  (Read 2754 times)

0 Members and 1 Guest are viewing this topic.

Offline lanedavisgames

  • Newbie
  • *
  • Posts: 3
Possible False Positive on Android
« on: June 02, 2017, 05:42:05 PM »
Hi Avast!

Our app — Rapala Daily Catch https://play.google.com/store/apps/details?id=com.concretesoftware.rapala&hl=en — appears to have been flagged as suspicious on Google Play. I really think this is a false positive, so would you mind checking it out? On the other hand, if there is something wrong with it, please let us know so we can get it out of there!

Sorry for not just sending this through the submission form, but I'm hesitant to send out APKs. That said, please let me know if there's any other information I can provide.

Thanks! Huge appreciation for all you do.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 61845
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Possible False Positive on Android
« Reply #1 on: June 02, 2017, 06:20:46 PM »
You can report a suspected FP here: https://www.avast.com/false-positive-file-form.php
W8.1 [x64] - Avast PremSec 19.9.2394.B#1 - CC 5.63 - EEK - Firefox ESR 68.3 [NS/AOS/uBO/PB] - Thunderbird 68.3 [EM] - ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31358
  • Watching (over?) you
    • Malware removal, Biljart and other things.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1128
Re: Possible False Positive on Android
« Reply #3 on: June 05, 2017, 09:35:48 AM »
Hi,
I do not think we block this app (https://www.virustotal.com/en/file/c0f040a149296c61e9987ce7a9f70dd6dd16e47374455bd280a450c1bf13f1c3/analysis/). Can you post a printscreen of the detection?

Offline lanedavisgames

  • Newbie
  • *
  • Posts: 3
Re: Possible False Positive on Android
« Reply #4 on: June 05, 2017, 03:28:03 PM »
Thanks for looking into it!

Maybe I communicated the issue incorrectly. Here's what I'm seeing:



It's not blocked, but I'm reliably getting this message that it's been reported as a suspicious app.


Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1128
Re: Possible False Positive on Android
« Reply #5 on: June 05, 2017, 04:01:04 PM »
Hi,
I have added these 2 files on cleanset:
sha256: C0F040A149296C61E9987CE7A9F70DD6DD16E47374455BD280A450C1BF13F1C3
sha256: C594C301E54B1BD3C867B8280BD2238CBB5C3BAA137494A7B3F0F2595B280442
Please let me know if you still have issues - if so, can you post a sha256 hash of the apk?
Thanks!

Offline lanedavisgames

  • Newbie
  • *
  • Posts: 3
Re: Possible False Positive on Android
« Reply #6 on: June 05, 2017, 04:56:00 PM »
Hi,

Yep, still having issues. My devices are still showing the "suspicious app activity" message.

The sha256 of our APK is C8D056FC457DB9AC63C025994239229A8C039A0DFADFE79C07E24EFF9403B889

Thank you!

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1128
Re: Possible False Positive on Android
« Reply #7 on: June 06, 2017, 09:48:30 AM »
That's a detection from file with low prevalence. If you are constantly trying to release a new apk, the new hash will have low prevalence and the clourep [susp] will fire.
I gave our Android analyst the cert of apk:

Owner: O="Concrete Software, Inc.
SHA1: F9:D7:77:77:15:50:40:9D:0F:C5:20:29:46:CC:9F:C3:72:E3:A7:89

to add it to cleanset.