Author Topic: Avast mobile for Android keeps scanning random apps that haven't updated ...  (Read 2161 times)

0 Members and 1 Guest are viewing this topic.

Offline ck_03

  • Newbie
  • *
  • Posts: 2
I've become concerned about undetected malware after recently finding that Avast mobile for Android began scanning random apps that haven't updated in a manner suggesting they have.  I intermittently see separate notifications on my LG Stylo 3 phone with Android 7.0 specific to random apps including Amazon Music, PayPal, Google Calendar, and a banking app indicating that were safe to use as if the aforementioned apps had just updated via Google Play Store when, in fact, none of them actually had.  I typically react to these situations by uninstalling and reinstalling affected apps, which seems to prevent recurrence with the same apps.  Auto update is not enabled for native phone apps or on Google Play, and, again, I am not finding recent updates for any of the aforementioned apps when cross referencing info in the Google Play Store.  Is this a simple software glitch, or is something more ominous afoot?

Offline Jeffrey Dungan

  • Newbie
  • *
  • Posts: 6
I'm seeing this too; where sometimes there is a notification that "[X] is safe to use", sometimes after I notice a "Play Services" security policy update (I'm forgetting the exact label, but one of those Google Play things that doesn't necessarily place a notification up top), but not done every time Avast notifies this way

Offline Tereza V.

  • Avast team
  • Advanced Poster
  • *
  • Posts: 844
Hi, we need more details from both of you:
- type of device
- Android version
- names of the apps in question
- did AMS ever alert there was a threat?

Offline ck_03

  • Newbie
  • *
  • Posts: 2
This is now happening with my tablet.  See original post for phone device and OS info.  My tablet is a Lenovo Tab4A10 with Android 7.1.  The apps tend to vary with the latest ones being Snapseed and Merriam Webster Dictionary.  I'm also noticing that the problem actually persists with the same apps.  There is never any alert of a threat.  My main concern is that something could be partially undermining Avast threat detection measures and maliciously modifying code in various apps.  Also, for some reason, Avast mobile security stopped scanning internal storage on my tablet in any apparent way, though I have toggled relevant settings multiple times.

Offline Tereza V.

  • Avast team
  • Advanced Poster
  • *
  • Posts: 844
So the team has investigated this issue and confirmed you can be assured that we scan apps only when system notifies us that some app has been updated. Unfortunately, your issue is something we cannot fix - the apps either update partially without going through Google Play or it is a bug in Android system itself.

Offline DavidGB

  • Jr. Member
  • **
  • Posts: 32
I've been noticing these unexpected notifications from Avast Mobile Security (Pro) too for a while now on my Alcatel 3V phone, and finally decided to look into it, which brought me to this thread.

I've seen this happen pretty much every day with different apps involved, but I specifically noticed the Avast notification an hour ago about FX Explorer being safe as if it had just updated because (a) I have auto-updates turned off, and always watch out for available updates and trigger them manually, which I had not done for FX Explorer, and (b) I have been specifically hoping for an update for FX Explorer as I reported a bug in it to them awhile ago and  have been hoping for a fix.

I can confirm that no update took place. There has been no update in that app since one last year, and the version number in the app on my phone still matches the one in the Play Store entry.

However, I notice from the system notification log that the unexpected 'checked an update and it's safe' notification from Avast Mobile Security for a non-updated app today, and another one for another app yesterday, both came moments after a notification (not displayed in the notification bar) from the download manager about the download of a 'Play security information update'. And I also see that Play Protect also scanned FX Explore today and the other app yesterday.

The notification log doesn't go back further to see if the pattern holds up (though I will look from now on), but it looks as if something in the Play Protect update caused Play Protect to scan those apps at that time rather than just in its regular app scans, and that triggered Avast Mobile Security to scan them too.

If that is the case, the question then becomes: is it actually intended, programmed behaviour that Avast Mobile Security should scan a non-updated app outside its configured regular scan time if Play Protect scans them as the result of one of its own security updates?

If it is, then I would suggest that (a) it should be documented, not left as what at first sight appear to be a worrying bug, and (b) it has its own notification message so it does not appear to be an after-update scan when it wasn't after an update.

Ans if it isn't, and is a bug, then it should be fixed.

Offline Tereza V.

  • Avast team
  • Advanced Poster
  • *
  • Posts: 844
Hi, could you specify whether your devices have any built-in app store (apart from Google Play Store)? - these can also update apps or install other versions.

You can also have a look at the article on https://www.androidauthority.com/android-app-updates-no-account-954639/ (about how preinstalled apps can update without you being even logged in Google Play).

We are really sorry, but Avast Mobile Security starts the scan upon a notification from the system. In other words, there is probably something "unusual" within your OS.

Offline DavidGB

  • Jr. Member
  • **
  • Posts: 32
Hi, could you specify whether your devices have any built-in app store (apart from Google Play Store)? - these can also update apps or install other versions.

My device has no built in app store apart from Google Play. And the specific app example I gave above, FX Explorer (though these Avast scans saying they're after an update when there hasn't been an update occur with many apps), I not only installed from the Google Play Store but also then bought the Pro version in the Google Play store. It has  NOT been updated since I installed it.

Quote
You can also have a look at the article on https://www.androidauthority.com/android-app-updates-no-account-954639/ (about how preinstalled apps can update without you being even logged in Google Play).

Read that now, and it does not apply. This is NOT a pre-installed app. I installed it from the Google Play Store, along with several other file manager type apps, after deciding the pre-installed file manager program was inadequate. After settling on FX Explorer (plus one other) I uninstalled the others and then upgraded FX Explorer to the paid version from the Google Play store. It was not pre-installed, and the Avast saying-it-had-just-been-updated scan was NOT after any update to the app. (And, again, this keeps happening with a whole bunch of apps, I'm just picking ut one example that jumped out at me because I've been waiting for an update to that app.) I DO note quite frequent notifications from Avast that it has just scanned the Google Play Store app itself after an update, when I never ask for the Play Store app to be updated and have auto-updates off in the Play Store settings; but there is actually a separate configuration section in the phone settings specifically for auto-updating the core system and the pre-installed apps, which would include the Google Play Store app, so those did not surprise me. What DOES surprise me is these scans and notifications from Avast for the non-system, non-pre-installed apps.

Quote
We are really sorry, but Avast Mobile Security starts the scan upon a notification from the system. In other words, there is probably something "unusual" within your OS.

I don't think so. As I said, these Avast egregious scans follow Play Protect data updates and subsequent Play Protect scans of the same apps. As I said before, either Avast has been programmed to do its own out-of-schedule scan on the same app(s) if Play protect does an out-of-schedule scan of an app - which would be fair enough, but the wording from Avast should be different as only Play Protect has received a threat update, the scanned app has NOT been updated; or this is a bug where the Play Protect special scan is triggering a matching Avast scan when it shouldn't. Either fix the notification message or the behaviour depending on whether it is intentional or not.

Unless the Avast Mobile Security update I downloaded and installed a few minutes ago has already fixed this bug (I actually came here looking for a changelog of e.g. bug fixes to see if there was anything about this, but can't find one).

I must say that researching this has led me to realise that standard Android and the Play Store actually provide a great deal more protection against malware etc than I had realised - especially the pre-installed Play Protect, which I had not realised was itself a substantial and very frequently updated anti-malware product. Has me wondering how much I really need this paid for Avast product ...

Offline Tereza V.

  • Avast team
  • Advanced Poster
  • *
  • Posts: 844
The Android system notifies AMS about any installed/updated app.
AMS is just reacting by scanning it.
We have no way to know what is the origin of the install/update trigger so we cannot supply a proper message to the user.
We would appreciate if the user could send us a screen capture of said notification so we can investigate it further.

As for the Google Play protect.

Google Play Protect is a great protection tool but it is not perfect.
There is still malware in Google Play that it fails to detect.
Actually Avast (and some other security companies) report malware they find on Google Play to Google.
In the end it is up to the user to decide which scan engine he trusts most and use the provided tools it offers.

We would like to investigate it further and even consult with Google about it, if required, so the screen capture and any device information you can provide (version and manufacturer) will be welcome.

Offline Jeffrey Dungan

  • Newbie
  • *
  • Posts: 6
As a side note, speaking of "unusual updates"... I've also noticed (through a different scanner) that if I reboot my phone(s), even with WiFi/phone internet already turned off before the reboot that there will be a notification of a "Google Play services" update. (And the internet connection isn't turned off every time, it just also happens when it IS turned off...)

[Given that it's a different app reporting this, I don't know the accuracy of the information, but since we're talking about odd update notifications....]

Offline Alexander Erb

  • Newbie
  • *
  • Posts: 2
Hello,

I have the same problem on my Lg g7 Thinq, this message sometimes appears for various apps.
I think this is maybe a issue with android itself, or just with some manufactorers?
But it seems many quite a few people got that problem.



Greetings

Alex