I have a 1.5 GB ext partition on my sd card. I use Link2SD which installs as much of an application as possible in that partition instead of internal memory. These apps still show up as being on internal memory in the app management settings.
Is Avast actually scanning those app files on my ext partition? It occurred to me that if the OS thinks they’re still in the phone, then Avast might be thinking the same and somehow giving them the all clear without looking.
I didn’t try it, but I think they should be scanned. But it should be easy for you to say. Just initiate a manual apps scan and observer the app names under the progress bar. You should see apps from your ext partition being scanned.
I did try that, and all seems OK. It’s just that there are usually some remnants on the internal memory, because many apps can’t be completely transferred.
I sure it’s ok, though. As I understand it Avast! Mobile is more of a reputation service than a heuristic scanner, so it would only need to identify a malicious app by name and then I could remove it. If it was a running app it would show up in the RAM memory anyway, I think?
not really, we don’t do app names (like some other apps do/did as far as I know) so we need access to the actual data, not just the app name. But I think it’s scanning just fine. You can try installing Eicar from the Google Play using Link2SD and then run the scan manually to see if it finds it or not.
Dear Avast apk dev.,
I have used F-secure’s version 1.0 Antivirus Test EICAR apk (from Play Store) installed on my phone (Android version 4.4.2 Kitkat).
All the antivirus apks namely Avast, AVG, Quick Heal (in root-permission mode) and CM Security & Antivirus immediately identified the EICAR as PUP.
Then, I moved & then linked EICAR apk to my External SD Card’s 2nd partition. Even then all of the said Antivirus apks detected the threat as usual.
Then, I took a back up of the EICAR apk using ES File Explorer apk & uninstalled the EICAR apk using Avast. Interestingly, this time too all the said four Antivirus apks including Avast identified the backed up EICAR file as a PUP.
Lastly, I used ES File Explorer in root permission mode & just moved the said EICAR backed up apk file from ES Back up folder to my said second partition ext2 folder in data of my android’s system.
This time none of the said Antivirus including Avast could detect the existence of the EICAR backed up file as any threat.
This clearly proves that none of the said antivirus can scan ext2 or ext4 partitions as they do for installed apk or backed up files on External Sd card (I mean sd card’s first partition in FAT32).
I just put my observation here to draw your kind attention & consideration. I don’t know whether this is a fatal vulnerability or not.