Website Distribution Build APK flagging as malware when scanned by antivirus #13238
Closed
4 tasks done
Comments
|
Confirm the issue & also copying from previous issue: This URL seems suspicious. Does Signal use Firebase? |
|
It's a false positive. These things happen. When I looked into it, looks like someone else got flagged recently too: Vita3K/Vita3K-Android#441
Every app that wants to get push notifications has to use FCM, so yeah, we use firebase for that. We don't use it for anything else. You can see how we exclude everything we don't need here: Signal-Android/app/build.gradle Line 480 in 2378346 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug description
Upon downloading the Signal Website Distribution Build APK directly from Signal (https://signal.org/android/apk/) and scanning the file with VirusTotal, the file is getting flagged as malware. Tested several times across multiple versions of the APK starting with version 6.35.5, and most recently with 6.36.5. All scans are returning the same result:
TrendMicro House Call: TROJ_GEN.R002V01IT23
1 bundled file within the APK, titled "classes3.dex" (7.37MB) is also identified as suspicious by the scans.
There was a related issue reported on GitHub (#13219) that has since been closed, which also mentioned this issue. Seems it was closed after addressing the Google Play Protect issue that was erroneously blocking Signal installs 2-3 weeks ago (since diagnosed as a Google-related issue which has been fixed).
Reporting this malware-report issue in the event it was missed in the previous issue report.
Steps to reproduce
Device info
Android version: 14
Signal version: 6.36.5 website distribution build
The text was updated successfully, but these errors were encountered: