Dear Everyone,
Currently, I am developing an application for my company on the Android platform. Our application has successfully passed tests using VirusTotal and Avast Mobile. However, when using CloudScan on an OPPO phone with Avast as the provider, our application is flagged as potentially dangerous. Below are the logcat details retrieved from the device:
11-22 05:53:17.369 30269 32753 I CloudScan: scanRequest: {
11-22 05:53:17.369 30269 32753 I CloudScan: "scan": {
11-22 05:53:17.369 30269 32753 I CloudScan: "type": "ST_SCAN_CLOUD",
11-22 05:53:17.369 30269 32753 I CloudScan: "requestType": "RT_INSTALL",
11-22 05:53:17.369 30269 32753 I CloudScan: "sdkName": "SRE_OP",
11-22 05:53:17.369 30269 32753 I CloudScan: "sdkVersion": "1.2.5.1_54ec17a_240308",
11-22 05:53:17.369 30269 32753 I CloudScan: "apiKey": "F3#er98Geqc6A",
11-22 05:53:17.369 30269 32753 I CloudScan: "protocolVersion": "v4.0"
11-22 05:53:17.369 30269 32753 I CloudScan: },
11-22 05:53:17.369 30269 32753 I CloudScan: "env": {
11-22 05:53:17.369 30269 32753 I CloudScan: "androidVersion": 31,
11-22 05:53:17.369 30269 32753 I CloudScan: "isRoot": false,
11-22 05:53:17.369 30269 32753 I CloudScan: "colorOSVersion": "V12.1",
11-22 05:53:17.369 30269 32753 I CloudScan: "country": "AR",
11-22 05:53:17.369 30269 32753 I CloudScan: "language": "vi",
11-22 05:53:17.369 30269 32753 I CloudScan: "deviceName": "CPH2321",
11-22 05:53:17.369 30269 32753 I CloudScan: "hardware": "mt6833",
11-22 05:53:17.369 30269 32753 I CloudScan: "product": "CPH2321",
11-22 05:53:17.369 30269 32753 I CloudScan: "buildId": "SP1A.210812.016",
11-22 05:53:17.369 30269 32753 I CloudScan: "buildType": "user",
11-22 05:53:17.369 30269 32753 I CloudScan: "networkType": "NET_WIFI"
11-22 05:53:17.369 30269 32753 I CloudScan: },
11-22 05:53:17.369 30269 32753 I CloudScan: "user": {
11-22 05:53:17.369 30269 32753 I CloudScan: "guid": "null"
11-22 05:53:17.369 30269 32753 I CloudScan: },
11-22 05:53:17.369 30269 32753 I CloudScan: "app": [{
11-22 05:53:17.369 30269 32753 I CloudScan: "thirdPartyScanResults": {
11-22 05:53:17.369 30269 32753 I CloudScan: "engineName": "SRE_UNKNOWN",
11-22 05:53:17.369 30269 32753 I CloudScan: "returnCode": 0,
11-22 05:53:17.369 30269 32753 I CloudScan: "responseId": 0,
11-22 05:53:17.369 30269 32753 I CloudScan: "resultType": "SRT_DEFAULT",
11-22 05:53:17.369 30269 32753 I CloudScan: "virusName": "",
11-22 05:53:17.369 30269 32753 I CloudScan: "virusDescription": "",
11-22 05:53:17.369 30269 32753 I CloudScan: "plugins": [],
11-22 05:53:17.369 30269 32753 I CloudScan: "risks": [],
11-22 05:53:17.369 30269 32753 I CloudScan: "ApkResultExtend": {
11-22 05:53:17.369 30269 32753 I CloudScan: }
11-22 05:53:17.369 30269 32753 I CloudScan: },
11-22 05:53:17.369 30269 32753 I CloudScan: "appName": "thuocsi",
11-22 05:53:17.369 30269 32753 I CloudScan: "packageName": "com.buymed.app",
11-22 05:53:17.369 30269 32753 I CloudScan: "certMd5": "22f531c81d59a3c516b8b77f5d7a88da",
11-22 05:53:17.369 30269 32753 I CloudScan: "version": "2.1.8",
11-22 05:53:17.369 30269 32753 I CloudScan: "size": "61658937",
11-22 05:53:17.369 30269 32753 I CloudScan: "manifestMd5": "aaa6d88d19ac6a96a9d8f70cf30aa736",
11-22 05:53:17.369 30269 32753 I CloudScan: "sha256": "bb0825352e5260bb1f5c30fba8898067475e61bf36687419d33c1a12769c9708",
11-22 05:53:17.369 30269 32753 I CloudScan: "appInstaller": {
11-22 05:53:17.369 30269 32753 I CloudScan: "appName": "Cửa hàng Google Play",
11-22 05:53:17.369 30269 32753 I CloudScan: "packageName": "com.android.vending",
11-22 05:53:17.369 30269 32753 I CloudScan: "certMd5": "",
11-22 05:53:17.369 30269 32753 I CloudScan: "size": "47746852"
11-22 05:53:17.369 30269 32753 I CloudScan: },
11-22 05:53:17.369 30269 32753 I CloudScan: "apkPath": "",
11-22 05:53:17.369 30269 32753 I CloudScan: "isDebug": false,
11-22 05:53:17.369 30269 32753 I CloudScan: "isBuildIn": false,
11-22 05:53:17.369 30269 32753 I CloudScan: "requestId": 1,
11-22 05:53:17.369 30269 32753 I CloudScan: "md5": "6753ed225ec684e762c69cedca7f6e64",
11-22 05:53:17.369 30269 32753 I CloudScan: "appSignCertThumbprint": "60E3D9D9D333493AEEE3C1A7DA88B15003D88B4F6CA52E1A207F828F42FBFE31",
11-22 05:53:17.369 30269 32753 I CloudScan: "AntifraudLabel": "NOLABEL"
11-22 05:53:17.369 30269 32753 I CloudScan: }],
11-22 05:53:17.369 30269 32753 I CloudScan: "ScanRequestExtend": {
11-22 05:53:17.369 30269 32753 I CloudScan: }
11-22 05:53:17.369 30269 32753 I CloudScan: }
11-22 05:53:17.374 30269 32753 I CloudScan: url:https://virusinfo-cloudscan-in.heytapmobile.com/viapi/v1/file/cloudquery_enc
11-22 05:53:17.804 30269 32753 I CloudScan: scanResponse: {
11-22 05:53:17.804 30269 32753 I CloudScan: "returnCode": 1,
11-22 05:53:17.804 30269 32753 I CloudScan: "errMsg": "",
11-22 05:53:17.804 30269 32753 I CloudScan: "result": [{
11-22 05:53:17.804 30269 32753 I CloudScan: "engineName": "SRE_OP",
11-22 05:53:17.804 30269 32753 I CloudScan: "returnCode": 1,
11-22 05:53:17.804 30269 32753 I CloudScan: "responseId": 1,
11-22 05:53:17.804 30269 32753 I CloudScan: "resultType": "SRT_V",
11-22 05:53:17.804 30269 32753 I CloudScan: "virusName": "Android.Virus.AdCheat.OutAppAD.WAU",
11-22 05:53:17.804 30269 32753 I CloudScan: "virusDescription": "This software may contain pop-up ads outside the application, fake desktop icons and other content, which may affect your experience, please be careful to confirm whether to install and use.",
11-22 05:53:17.804 30269 32753 I CloudScan: "plugins": [],
11-22 05:53:17.804 30269 32753 I CloudScan: "risks": [],
11-22 05:53:17.804 30269 32753 I CloudScan: "ApkResultExtend": {
11-22 05:53:17.804 30269 32753 I CloudScan: }
11-22 05:53:17.804 30269 32753 I CloudScan: }],
11-22 05:53:17.804 30269 32753 I CloudScan: "ScanRequestExtend": {
11-22 05:53:17.804 30269 32753 I CloudScan: }
11-22 05:53:17.804 30269 32753 I CloudScan: }
Observed Issue: In the scan response, the application is flagged with the following details:
- Virus Name: Android.Virus.AdCheat.OutAppAD.WAU
- Description: “This software may contain pop-up ads outside the application, fake desktop icons, and other content, which may affect your experience. Please be cautious and confirm whether to install and use.”
We are confident that our application does not contain any malicious behavior as described in the warning. This issue could potentially cause misunderstandings for our users, affecting the application’s credibility.
Can you help me deal with this?
Thank you for your support!
Best regards,