Our clients are informing us about a Malware Advertisement in Android XP Investimentos App (https://play.google.com/store/apps/details?id=br.com.xp.carteira). Our team already analyze all the possibilities with this positive risk, and We concluded that is false positive. We tried to send a request to add this software in Whitelist, but the form seems to be out.
Can anyone please help us in this situation?
I have attached some evidences in order to help in analysis.
Wait for a final verdict from avast team, as they are the only ones to act.
Has that file been signed properly?
Is there an insecure inline script somewhere?
My problem is that the Whitelist form seems to be out, and return Internal Server Error. Our app have more than 2 million users, and we have a lot of security validations in our publication process. We don’t have any insecure script in our code, and avast doesn’t return any explanation to our clients. Just send the Malware advertisement.
I’m waiting for the responsible team answer my questions, but until there we can lose a lot of client, and this is the reason that I’m trying to contact anyone in Avast that can help me.
It isn’t a problem, avast doesn’t do on-demand website/url scans on VT, it only does live website scans via the Web Shield, that is why you don’t see them in the results.