We have Bitdefender installed at work and whenever I try to build the project it fails because resources.ap_ is detected as Android.Adware.GingerMaster.BJ. I hope it's obvious I'm not creating malware.
I've uploaded the it to virustotal and where gets flagged as:
- Android_dc.VUJ
- Trojan.AndroidOS.Generic.A
- Android-Malicious/GinMaster
- A.H.Pri.Hippo.A
- a.privacy.popsp.c
and a few other similar names.
I've narrowed it down to these pairs of activities: Fyber:
<activity android:name="com.sponsorpay.publisher.ofw.SPOfferWallActivity"
android:configChanges="keyboardHidden|orientation|screenLayout|screenSize"
android:screenOrientation="sensorPortrait"/>
<activity android:name="com.sponsorpay.publisher.mbe.SPBrandEngageActivity"
android:configChanges="keyboardHidden|orientation|screenLayout|screenSize"
android:screenOrientation="sensorPortrait"/>
and AppLovin:
<activity android:name="com.applovin.adview.AppLovinInterstitialActivity"
android:configChanges="keyboardHidden|orientation|screenLayout|screenSize"
android:screenOrientation="sensorPortrait" />
<activity android:name="com.applovin.adview.AppLovinConfirmationActivity"
android:configChanges="keyboardHidden|orientation|screenLayout|screenSize"
android:screenOrientation="sensorPortrait" />
If I only keep AppLovin or Fyber in the manifest then it only gets flagged as Android.Adware.GingerMaster.BU instead of that whole list.
These are the permissions used:
GET_TASKS, ACCESS_NETWORK_STATE, ACCESS_WIFI_STATE, READ_PHONE_STATE,
WRITE_EXTERNAL_STORAGE, INTERNET, GET_ACCOUNTS, BILLING, CHECK_LICENSE, WAKE_LOCK
Obviously if I remove all the ads and all the permissions it no longer gets flagged as malware at all, but the app fails to work at that point.
Has anyone ever encountered such a problem and fixed it? Or alternately is there a tool that can analyse an Android manifest file and tell me if I have any "suspicious" permission combinations ?
