Other Google with its Antivirus engine, pose a serious threat to Android Developers

incendio

Well-Known Member
Licensed User
Longtime User
Hi guys,

I just lost my developer account because Google accused my app posted in Play Store as a malware.
They didn't give any warning, just emailed me that my developer account has been terminated due to their malware policy.

Previously, this app considered as a safe app, Play Store accepted it.

One day, I made an updated version then submited again, and suddently it became a malware.

I have also submitted this 'malware' version to online app scanner, virustotal.com and metadefender.
On Metadefender, 1 engine has a warning that it could send SMS, others engines passed. My App doesn't touch any SMS functions, so I guest it was a false alarm.
On VirusTotal.Com, it passed all engines.

I have also insttalled AVG on my phone and let it scanned my app and it was OK.

My App is a bussines app that records users transactions such as sales, purchase, etc and send the data to Cloud Server with jRDC2.

I reverted back all the updated codes, one by one to the last version that considered safe with Play Store, and uploaded it one by one to Google Drive until find out where is the codes that made Google started treated it as a malware.

I uploaded to Google drive because I assume that they have the same engine with Google Play.

When I found that lines of codes, it was totally not made sense for me.
Here is the code that considered safe with Play Store
B4X:
' codes on Main'
Sub Process_Globals   
    Public kvs As KeyValueStore
End Sub

'codes in Starter'
Sub Process_Globals
    Public rp As RuntimePermissions
    Public RptParams As Map
    Public PUB_InstDir As String
    Public Provider As FileProvider
End Sub

Sub Service_Create
    PUB_InstDir= rp.GetSafeDirDefaultExternal("")
    Provider.Initialize
End Sub

Sub Service_Start (StartingIntent As Intent)
    Main.kvs.Initialize(PUB_InstDir, "datastore")
End Sub

Here is the codes that considered as a malware
B4X:
' all codes on Main and other remain the same'
Sub Service_Start (StartingIntent As Intent)
    Main.kvs.Initialize(File.DirInternal, "cfg")
End Sub

When the file location of KeyValue object changed, Google treated it as a malware.
I made a small app that changed the location of Key Value object and uploaded it to Google Drive, and it was OK.
So, it was unique to my app only.

For me it seem that it was a false alarm. I have submitted all arguments to them, but they still refused to accepted it. They kept hide behind their malware policy.

I don't, how, lot of applications could passed Google Anti-Virus engine.
Could it be that there is something in B4A that triggers this false alarm?
Any suggestion, what should I do?

There is other more serious danger than this. It's called Play Protect.
This is an anti virus software from Google, pre installed in every phones/tablets running Android OS and default mode in On.

It runs in background and scan ALL your app in phones/tablets periodically.
When it decided that an app is a malware/virus, it will deleted without any confirmation at all.

Imagine if there is a company, built an in house app use for private only. This app collects datas and stored it on its internal drive before send it to company's server. Suddently, Play Protect treat it as a malware and delete the app and all data.

To me, it seem that Google want TOTAL Control over Android OS. When they installed Play Protect, it didn't ask for user permission, and when it deleted app, also without user permission.

It was already happen to me, my app suddently vanished.
Funny things is, after that I insttaled again and run a scan with Play Protect manually. Now it was considered safe, fews hour later, scan again with Play Protect, still considered safe, don't know if scan again later.

What is the right do they have to delete an app based on their eradic engine?

Yes, Play Protect can be turn off, but it will give bad impression to users, they might think that there is something wrong with your app.

What do you guys think about this? Are there any action we can take againts this ?
Can we protect app made by B4A so it won't be deleted without confirmation from users?
 

sfsameer

Well-Known Member
Licensed User
Longtime User
Google keep updating their policies and each update they are getting closer to being exactly like apple.
1- delayed approval updates and publishing times
2- restricting types of apps
3- they treat the developers like their enemies, they don't even give a reason or why this is happening.

We have uploaded an app for a client, it took 5 weeks to be published and just like your case after we updated it they refused it.
then we changed the package name and the app name and uploaded again, and guess what? it worked.

i would give google 4-5 years and they will become exactly like apple with their policies.
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
Google keep updating their policies and each update they are getting closer to being exactly like apple.
1- delayed approval updates and publishing times
2- restricting types of apps
3- they treat the developers like their enemies, they don't even give a reason or why this is happening.

We have uploaded an app for a client, it took 5 weeks to be published and just like your case after we updated it they refused it.
then we changed the package name and the app name and uploaded again, and guess what? it worked.

i would give google 4-5 years and they will become exactly like apple with their policies.
I changed package name but not app name and installed it not via Play store.

Do you also changed your private key?

Play protect still deleted it. This made me angry, what rights they have to do this with my private app.

Are there nothing we can do to fight this dictatorship?
 
Upvote 0

sfsameer

Well-Known Member
Licensed User
Longtime User
I changed package name but not app name and installed it not via Play store.

Do you also changed your private key?

Play protect still deleted it. This made me angry, what rights they have to do this with my private app.

Are there nothing we can do to fight this dictatorship?
Change :
1- App name
2- Icon
3- Package Name

treat it like a new app and upload it again with the above :
Main.kvs.Initialize(File.DirInternal, "cfg")

and it should work without any problem :)
 
Upvote 0

Sandman

Expert
Licensed User
Longtime User
I was also thinking - and this is just a wild guess! - that "cfg" might raise a flag in their system. Perhaps a term coming up in some known malware? I would be tempted to change it to "userInterfaceSettings", or something making more sense.
 
Upvote 0

Sandman

Expert
Licensed User
Longtime User
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
The biggest problem is their Play Protect.

Even you don't distribute app via Play Store, it still scan your app, and someday, if Google changes their policy, this Play Protect could suddently treat your app as a virus.

No need to wait someday, even now, my app, sometimes treat as a virus, sometimes was OK.

Imagine, you have your app installed on a lots of your customers, one day suddently it is just vanish because Play Protect delete it.

I don't about law, but I think, this policy is a violation of some laws.
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
We are thinking of trying Huawei store because it's growing really fast


It would need a lot of marketing,time and effort to compete the big sharks like apple and google
Am I correct, that Huawei need your photo in front of your bank card if you want to create a developer account?
I don't feel comfortable about this.
 
Upvote 0

hatzisn

Well-Known Member
Licensed User
Longtime User
Um... A S S ?

Well, here it means also: "Luck" 😄

What is the Italian expression? I am only familiar with "In culo alla balena".
 
Upvote 0

hatzisn

Well-Known Member
Licensed User
Longtime User
"Avere cu..(bad word)" means "to be lucky"

You seem to have a lot of (bad word) expressions... :) :) :) :)

We have a similar expression with the same part of the body and it means exactly the same with yours but the translation is a lot nastier.
 
Last edited:
Upvote 0

annitb

Member
Licensed User
Longtime User
you might want to see the MANIFEST file to see what permissions got applied by chance that you don't need including SMS. sometimes clicking on the library enables that permission in the app.

resubmit and resubmit often.

for people who speak english as a stated objective, they have NEVER ever given a proper explanation. just wait for you to fix what you think could be the problem and then resubmit.
 
Upvote 0

incendio

Well-Known Member
Licensed User
Longtime User
I knew what was the problem.

I told Google that theirs anti virus has a bug & offered the source codes but they simply didn't care.
 
Upvote 0
Top