TechQA.

APK detected as virus by google drive and email

249 views Asked by At

I have a build variant which we are using internally for testing only and that is shared internally with the team over google drive or email. However, from the last one month, google is flagging this apk as virus which isn't allowing me to share the apk via email or drive. I tried removing all the third party dependencies and everything which I think can be the reason but it is still showing as infected in Virustotal.com.

I have shared all the related details below. https://www.virustotal.com/gui/file/f2c517c0fee77863a12a25fae05bff43daccb7b209446339d9cdabee24937458?nocache=1 Email detects as virus

enter image description here

    compileSdkVersion 33
    buildToolsVersion "30.0.3"
    defaultConfig {
        applicationId ""
        minSdkVersion 26
        targetSdkVersion 32
        versionCode 21
        multiDexEnabled true
        testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
        vectorDrawables.useSupportLibrary = true

    }
    packagingOptions {
        resources.excludes.add("META-INF/*")
    }

  

    buildTypes {
        release {
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
            signingConfig signingConfigs.release
        }
        debug {
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
        }


    }

    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }

    kotlinOptions {
        jvmTarget = JavaVersion.VERSION_1_8.toString()
    }

    androidExtensions {
        experimental = true
    }

    lintOptions {
        abortOnError false
    }

    dataBinding {
        enabled = true
    }
    applicationVariants.all { variant ->
        variant.outputs.all {
            def flavor = ""
            if (variant.name == "stagingDebug") {
                flavor = "SS"
            } else {
                flavor = "SS"
            }

            def versionName = variant.versionName
            outputFileName = "${flavor}-${versionName}.apk"
        }
    }
}

dependencies {
    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.5.31"


    // SUPPORT
    implementation 'androidx.appcompat:appcompat:1.5.1'
    implementation 'androidx.core:core-ktx:1.8.0'
    // RecyclerView
    implementation 'androidx.recyclerview:recyclerview:1.2.1'

    // CardView
    implementation 'androidx.cardview:cardview:1.0.0'

    // ConstraintLayout
    implementation 'androidx.constraintlayout:constraintlayout:2.1.4'

    //Material
    implementation 'com.google.android.material:material:1.5.0-alpha02'


    // Scalable dimensions
    implementation 'com.intuit.sdp:sdp-android:1.0.6'
    implementation 'com.intuit.ssp:ssp-android:1.0.6'

    //print receipt
//    implementation files('libs/icod_3.1.7.jar')
//    implementation files('libs/posprinterconnectandsendsdk.jar')
//    implementation files('libs/scan_pro.jar')

//    annotationProcessor 'androidx.room:room-compiler:2.4.2'

    // LifeCycle Extensions : LiveData
    implementation 'androidx.lifecycle:lifecycle-livedata-ktx:2.2.0'

    // LifeCycle Extensions : ViewModel
    implementation 'androidx.lifecycle:lifecycle-viewmodel-ktx:2.4.1'

    // LifeCycle Extensions : Lifecycle Scope
    implementation 'androidx.lifecycle:lifecycle-runtime-ktx:2.2.0'

    // Activity Kotlin Extension
    implementation 'androidx.activity:activity-ktx:1.1.0'


    // Retrofit
    implementation 'com.squareup.retrofit2:retrofit:2.9.0'
    implementation 'com.squareup.retrofit2:converter-gson:2.6.2'
    implementation 'com.google.code.gson:gson:2.8.6'
    implementation 'com.squareup.okhttp3:logging-interceptor:4.9.0'
    implementation 'androidx.lifecycle:lifecycle-extensions:2.2.0'
    testImplementation 'com.squareup.okhttp3:mockwebserver:4.5.0'

    // Dagger Hilt
    implementation 'com.google.dagger:dagger:2.39.1'
    annotationProcessor "com.google.dagger:dagger-compiler:2.39.1"
    kapt 'com.google.dagger:dagger-compiler:2.39.1'

    implementation 'com.google.dagger:hilt-android:2.37'
    kapt 'com.google.dagger:hilt-android-compiler:2.37'
    kapt 'androidx.hilt:hilt-compiler:1.0.0'


    // Coroutines
    implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:1.3.7"
    implementation "org.jetbrains.kotlinx:kotlinx-coroutines-android:1.3.7"

    // Glide
    implementation 'com.github.bumptech.glide:glide:4.11.0'
//    kapt 'com.github.bumptech.glide:compiler:4.14.2'


//    implementation 'com.squareup.retrofit2:adapter-rxjava:2.1.0'

//    implementation 'com.squareup.okhttp3:okhttp-urlconnection:3.4.1'

    //tabSyncMenu
//    implementation 'io.github.ahmad-hamwi:tabsync:1.0.1'

    //stripe
    //implementation "com.stripe:stripeterminal:2.9.0"


    //firebase
    implementation platform('com.google.firebase:firebase-bom:30.1.0')
    implementation 'com.google.firebase:firebase-crashlytics-ktx'
    implementation 'com.google.firebase:firebase-analytics:21.1.1'

    //Layout to bitmap
//    implementation 'id.zelory:cekrek:1.0.0'
//    implementation 'com.hbb20:ccp:2.5.0'

    //for allergen filters
    implementation 'com.google.android:flexbox:1.1.0'

    //websocket
//    implementation 'tech.gusavila92:java-android-websocket-client:1.2.2'

//    implementation("com.piesocket:channels-sdk:1.0.5")


}```

Let me know if any other details are required.
android build apk virus trojan
Original Q&A
3

There are 3 answers

0
tahreem On BEST ANSWER

There are many steps that I took which seem to have resolved the issue. I am writing them below for others to use.

  1. Wrote emails to vendors who have flagged my APK. Some of them asked me to share the APK with them and they removed the flag for that APK.
  2. Wrote a request to google asking them why this APK was flagged. Provided all the details necessary for this.
  3. Removed all unnecessary permissions from the manifest files. 4 Updated the dependencies which I could so as to resolve this.
  4. Removed minify enabled from the build file from debug version of the app.
  5. Had to change the rules in progaurd files.
  6. Updated some of the code which I thought was involved in heavy usage of resources.

I hope this helps anyone else who faces any such issue.

0
MãĴď On

use WeTransfer. I used that before and didn't have any issues. it's sent by email as well.

One thing to note is that to do a virus scan on the hardware your are working on. I rescanned the file you provided in the link and it showed 3 yet not sure how such service accuracy since I made an empty project and it showed I had a virus in the APK build.

WeTransfer

0
HSeldon On

I was able to solve this issue by updating the Constraint Layout version in the apps build.gradle from 2.1.4 to 2.2.0:

androidx.constraintlayout:constraintlayout:2.2.0-alpha13

Related Questions in ANDROID

Related Questions in BUILD

Related Questions in APK

Related Questions in VIRUS

Related Questions in TROJAN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions