Our app is flagged as trojan by Avast

In the last few days some antivirus, all empowered by Avast, are reporting our app (Smart Launcher) as malware. People get a warning from their antivirus and they are suggested to immediately remove our app.

It’s a false positive of course, other antivirus do not report the problem and we didn’t recently introduce new libraries in our app (we are working on an update, we didn’t even update the stable version in the last weeks).

Of course, not everyone uses an antivirus on Android, so this may seem not like a big issue. The problem is Avast empowers many security software preinstalled on all the mail Chinese manufacturers (Xiaomi, Huawei, Realme, Oppo).

This is causing some huge problems. It’s not only about uninstalls and negative reviews, for an indie dev company like ours, being labeled as malware is the most defamating insult we may imagine.

We tried to contact Avast and we got 2 replies but still no concrete help (here are our statements on twitter).

I can’t believe Antivirus companies are allowed to make similar mistakes without worrying about the damage they may cause.

I tried to search for similar cases but I didn’t find much. Do you know similar cases and how they managed the problem?

Welcome to the club

https://twitter.com/EasyJoin_dotnet/status/1536372101451481093

https://twitter.com/EasyJoin_dotnet/status/1495675240344600576

https://twitter.com/EasyJoin_dotnet/status/1494247002552606721

https://twitter.com/EasyJoin_dotnet/status/1494245076012355588

https://twitter.com/EasyJoin_dotnet/status/1267786059183775746 (Edge browser consider malware when there is a link to download an msi file that is not signed)

https://twitter.com/EasyJoin_dotnet/status/1159127421335089157

https://easyjoin.net/faq.html?14

It’s a false positive of course

Are you sure? The definition of malware is pretty broad, from Wiki:

Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive users access to information or which unknowingly interferes with the user’s computer security and privacy.

My guess is that Avast has very strict policy for launchers, since they can potentially track user’s behavior in the whole system (unlike standard apps). You could review how much network traffic you are doing, if user’s data are secure, if user is informed that you are collecting their data, etc. Assuming you aren’t intentionally doing anything bad, and you libraries aren’t either.

But of course it’s fucked Avast doesn’t communicate with you.

I had this problem once with one of my apps. If you are sure that it is a false positive, then you can report this and they will correct it within a few days. At least that happened in my case.

The power of these antivirus apps is horrible, they can destroy an app, they don’t contact the app developer, you have to take action and hope for the best.

It took about a week in my case. Really frustrating and not good. These antivirus companies should have a much faster, guaranteed response to false positive reports.

They must not like having competition in the data selling game. (Not suggesting that Smart Launcher sells data, only that Avast erroneously aligned you with products that do)

TL:DR

Avast got caught selling user data. They show up on my screen more than a website with popup adds. I spent a morning fixing a laptop that had 1600 Avast processes running. They got caught selling user data. They pulled advertising from a site that gave them ONE bad review. Oh, and they got caught selling user data.

​

https://www.safetydetectives.com/blog/avast-scandal-why-we-stopped-recommending-avast-avg/

​

After recently reconnecting myself, I’ve been researching whether a free antivirus is worth getting. I was in the middle of doing some final glances at reviews I’ve been looking at when this randomly showed up in my notifications. Honestly having a site promote Avast as a number one antivirus in 2022 turns me off to the entire rest of their list. If they can promote them without any mention of the problems with the company, I don’t know how much I can trust anything they say.

:EDIT: Oops this bit is actually about Avira, the other program that is promoted if Avast is not. They are personally just as problematic. In my excitement and with the similar names, I conflated the two.

~~Avira shoves its presence and a paid service into your awareness constantly. On my Pixel it persists through permanent notification, after doing almost anything, to run device optimization to free RAM and clear cache, except it doesn’t display it like that. It runs 3 or 4 other checks and then tells you it will fix them, does what I could do easily do myself, and with an autoclicker, do more efficiently. Then it asks your to pay for them to do the rest. Every page and option is like that. I understand that free antivirus needs to promote users to upgrade, but it’s the difference between a truly free app that displays unobtrusive banners and sells or offers an ad watch to get premium currency for cosmetic upgrades; and a “free” app that shows you an ad after every 4 menu options, is hard to close out of, and keeps running in the background after a full stop close of the program. Anecdotal story two was when I had installed it I got around to getting a couple years worth of updates for Windows, What I found out after a very long morning fighting with a very old laptop, was that Avast and the process of upgrading windows didn’t go well together. I would have known this DURING the process except Avast recommended it’s firewall should block something Microsoft Edge was trying to do (partially my fault, I had just set everything up and didn’t realize my home network was set to public, and technically it wasn’t a user initiating contact to the internet) so I accepted, and I’m assuming this is where I would be warned about Avast running when windows rebooted. I had over 1600 processes running of Avast when it started up again. Luckily I’ve always pushed every device I own to it’s breaking point, so I didn’t panic, but it did take literal hours to get the laptop to respond enough to go through one of the new safe boot methods I had to lookup thanks to windows 10’s fast start. How many other, less knowledgeable or intuitive, users took a trip to Geek Squad because of this.~~

​

Another more business oriented no-no was them pulling adverts from the above website after a bad review years ago. The site continued to review them fairly, up until a point. What ws it they did to finally get pulled? There was something else too. Oh yeah I remember…THEY GOT CAUGHT SELLING SENSITIVE USER DATA!!! I don’t care if they sold the subsidiary company and blah blah blah. Any site that promotes them without mentioning that, is being willfully dishonest themselves.

Create an antivirus app and report Avast as Trojan as well
Unfortunately, the damage is already done. You could try to sue Avast for defamation and profit loss, but it will be costly as hell.

in fairness edge flagging unsigned MSI’s is fair enough. Upload your stuff to virustotal and see what’s flagging you, then contact all of those vendors.

In fairness, your app acts like a RAT/Trojan so I kinda get why it’s being flagged, it’s a shame since Microsoft offers the same sort of service but they have the $$$ to deal with these sorts of issues.

Since we got a fair amount of downloads, Google has always been very strict with us and periodically reviews our app so we are very careful about communicating to the user how we use their data.

We always explain to our users why we need specific permissions, we do not enforce any permission, and all the network communications are encrypted. Also we do not collect data that can directly identify a person, we don’t sell data to third party, we just use for analytics and to improve the product. However, I really doubt someone at Avast actually checked our app.

As a launcher we provide a lot of functionalities so we need a lot of permissions and I think this may be the reason why the Avast algorithm was misled. I would have understand if they would have explained this to their users, instead they are clearly marking our app as malware and asking anyone to uninstall (I’m not sure a similar behaviour is compliant with Google Play Policies).

Finally, the description of the issue varies depending on the version of the antivirus. One of the most weird one is:

This is a rootkit virus, which can create a hidden filesystem to hide other malware

After working hard for ten years to get the quality of our products recognized, reading this really pisses me off. It’s Saturday and I’d just like to relax after a tough week and instead I can’t stop thinking we are bombarded by bad reviews while I’m eating, sleeping or trying to spent some time with my family.

Thank you for sharing your experience. We already used the form to report the false positive, we also get in contact with Avast via Twitter, but I didn’t provide any solution yet and today is Saturday.

In the best scenario, this will last at least until Monday and it already caused much trouble.

I’m sorry, I don’t understand your first sentence, are you implying we sell data? We sell software, we never sold data.

In fairness, your app acts like a RAT/Trojan so I kinda get why it’s being flagged, it’s a shame since Microsoft offers the same sort of service but they have the $$$ to deal with these sorts of issues.

Well microsoft remote control follow rdp standards, is documented and integrated inside windows, with full control on config, logs etc, so yeah, that’s a bit more than just $$$ …

But how can you guarantee that you do not sell data? Do you use your own Analytic APi or Google, Facebook …

Even though you do not sell the data, if you use Google for tracking, that means google has that data and it can sell it.

Just wanted to say that.

Oh no no, I didn’t mean it like that. I’ll edit my post to clarify. I suppose knowing intent in that post would make it read one way, and after being smeared by Avast, it most likely would not read the way I intended it. Maybe it would have came across the way I intended if I’d put it at the end of my post, instead of the beginning. I almost considered just getting Avast again actually, because despite problems in the past, they are considered one of the best free products, although I suspect that is because most review sites are profiting from their advertising. I’m glad this showed up though, it was enough cause a final decision and just slap BitDefender on here for now.

First of all, we do not collect info that can directly identify someone (username/email/addresses), we just don’t need this kind of info and we never collected them (unless users contact us, in that case, we have their emails in our inbox but this is obvious).

We use Google Analytics to collect interactions with the app. If you are familiar with Google Analytics you will know that events are marked with user-defined labels that are not very meaningful for those who don’t know the meaning of that event. So yeah, Google may technically access that data, but I strongly doubt they will reveal anything that Google doesn’t already know.

When we need to collect something more sensible, we use our servers. The data are still psedo-anonymous and are not linked to the firebase ids, so they remain unlinked from other data we have on the Analytics.

No need, I supposed you meant something else

I’m glad you said something. I have a bit of trouble with tone when I’m behind a keyboard. When communicating, the responsibility lies with the person doing the communication to present themselves correctly. You cannot be expected to infer what I meant, if I do not clearly portray what I was attempting to convey. However, sometimes we don’t know how things will be read or heard by others, so I appreciate you inquiring. I wouldn’t want it to seem I was trying to say anything negative about you or your product. In fact, I’m becoming a bit bored with Nova. I assume by your name you are a Launcher. I think I’ll give you a try, and most likely a 5 star review.