Lib for OAuth-1 causes False Positive Trojan detection #18830
Comments
|
Absolutely, it's crucial to ensure you download APK files exclusively from official sources. Also, it's important to remember that third-party websites might not always offer accurate or reliable information. |
|
We have no idea what it is and it's probably unrelated to us |
What are you talking about? |
In my opinion it is completly unprofessional to close such event without investigation. |
|
What kind of investigation. There is no proof what happened / when, there is no trust in such services that they are always correct. However I trust my team and we all do double times code review. You also see full history of commits. |
|
We can't search something if there is no proof enough, if service would say that part of code or that class is trojan that would be at least something to work with. |
|
You know that everything can be hacked like previously python: libraries, github, root certificates ... (just example https://arstechnica.com/information-technology/2022/08/10-malicious-python-packages-exposed-in-latest-repository-attack/) What should you do? Do you noticed huge list "Memory Pattern Urls" that is used by your apk? (http://profile.tut.by - come on) It seems that you just closed the problem to hide a possible problem from others as quickly as possible. |
Where this coming from? I'm closing issue that we're not going to work with but it might be reopen. Open / Closed issues have the same visibility if I wanted to hide it would be different. |
|
From analysis we did that service showed that Free version is "Trojan free" and Paid "Trojan not free", I estimate that it's highly unlikely and My estimation that Service false positive detection much more likely. So if I get more valuable information, I would continue working on that issue and I don't say that Trojan absolute 0% chance |
Thank you for your attention to this issue. The link "profile.tut.by", among with others, came from https://github.com/scribejava/scribejava which we use for OAuth proto. I've splitted our "trojaned" APK files into parts, scanned the parts with VirusTutal, and have found that only 1 dex-file (compiled classes.dex) was reacted by IKARUS scanner. In addition, I've installed IKARUS scanner to my Android and it has reacted to nightly APK-files on smartphone, too. Interestingly that our (OsmAnd made) classes are located in other dex-files ( If you had some spare time, would you mind checking these files in details?
|
|
good job. I really appreciate your effort. |
|
it seems that problem is not directly in a source code but with domains that are used in a code. Because some modules use planty of domains |
|
We're going to update OAuth-2 library soon, probably it won't have these dependencies. |
vshcherb
changed the title
Description
Virustotal reports trojan in nightly
Steps to reproduce
https://www.virustotal.com/gui/file/9a655cc988077087d6312982784b52d6250fe74665f9733f93b4cfc88bbe8026/detection
Actual result
As above
Expected result
Do you confirm problem or it is false positive.
In case the 2nd, bug should be reportet to virustotal
Your Environment (required)
Independent
The text was updated successfully, but these errors were encountered: