Avast flags Android APK files as "suspicious file detected" when plugin is included in APK

[xmnboy]

We have an Intel XDK developer that has reported a situation where Avast alerts his app that includes this plugin as being "suspicious." We confirmed this to be the case by doing the following:

• install Avast on a test device
• build and install a Crosswalk app based on the XDK blank template with no additional plugins; APK is not flagged by Avast
• add the sqlite plugin to the above blank template app
• build and install that app; APK is flagged by Avast.

The threat descriptor provided by Avast is "Suspicious file detected - APK:CloudRep [Susp]".

The Avast app does not provide any info other than the above string. We were not able to find any additional info online about this string either.

Based on this test it seems that the sqlite plugin is causing Avast to flag the APK.

[xmnboy]

Hang on, we have discovered some discrepancies that cause the issue to show up in our cloud build, but not in a local build. I'll keep you posted as we get more info. Put this issue into your "watching" queue for now. :)

[brody4hire]

Hang on, we have discovered some discrepancies that cause the issue to
show up in our cloud build, but not in a local build. I'll keep you posted
as we get more info. Put this issue into your "watching" queue for now. :)

Thanks for reporting this. We do need to treat any security threats or
other issues very seriously, and should watch these kinds of reports
carefully.

Also, the Android version is not packaged the best way. I put the native
target libs in a jar which can cause problems with certain versions of
Android. Better to use something like AAR package instead.

Sent from my mobile

[brody4hire]

@xmnboy do you have any more information?

If not I will close this one.

[xmnboy]

Avast appears to be overly eager with their notifications. If you side-load an app there is a high likelihood it will be flagged by Avast, simply because the app did not come from a store AND because the app is not recognized by Avast; which, of course, will be the case for the vast majority of apps that are under development. It is not clear why the situation in the link cited above came about, we haven't seen it since. I suggest you close this issue as a "cannot reproduce" until we find a consistent test case that would justify re-opening this issue.

[carlobenj]

Issue still exist on one of the apps I developed for Android. The app is fully signed but not installed from the Google Play Store. Any workaround yet?

[hasMobi]

It seems that Avast flags apps as such whenever the APK was manually installed through the SD card or through an IDE (Android Studio, Eclipse) attached to the device via a USB cable.

If the app is installed through the Google Play Store after publishing, the warning is not there. So it's not really an issue but just Avast being extra protective.

[AnkitT28]

In 2024 Im facing same issue Only the Avast is flagged our app. Avast Security detects as malicious
but the google play console and also other Virus scanners not detected anything but the avast is detected app is malicious.
can anyone help me to resolve this issue.
*The All Library is up to date still i'm getting this issue
HELP ME TO RESOLVE THIS ISSUE