Android Question OkHttpUtils2 causes false positive and Google Drive download failure

Alessandro71

Since I was hit by the Google Drive false positive on APK issue (https://www.b4x.com/android/forum/t...g-googles-false-positive-virus-checks.147537/), I've done some investigation myself.

Try the following steps:

Create an empty B4XPages Android app.
Just the default project, with no additional code.
Create the APK in Release mode (no obfuscation) and upload it to www.virustotal.com
Bang!
McAfee-GW-Edition flags it red with "BehavesLike.Suspicious.cc"
Indeed, an empty app looks suspicious!

Now add OkHttpUtils2 version 3.01 from the libraries window.
No need to write any code that calls it, just flag the library and rebuild the APK
Bang!
Google flags it with "Detected"
Ikarus with "Trojan-Spy.AndroidOS.Agent"
Sophos with "Andr/Xgen-BEZ"
Amazingly, for McAfee this is not suspicious anymore

The Google flag is what causes the download of the APK from Google Drive to fail.

I'm unable to investigate further, but the OkHttpUtils2 library is extensively used in many projects of mine.
 

Alessandro71

Some more testing on the subject.

Since OkHttpUtils2 is a B4X lib, I extracted the 2 source files and added them to the empty B4XPages app, unchecking the main library and checking its dependencies (OkHttp and StringUtils).
Scanning the resulting APK consistently gives the Google "Detected" error.

So I proceeded by scanning the dependencies, one at a time:

- okhttp-4.9.0.jar
- OkHttp.jar
- okhttp-urlconnection-4.9.3.jar
- okio-2.8.0.jar
- StringUtils.jar

All of them are flagged as clean by virustotal.com.

So it looks like the false positive lies in the B4X code of the lib itself.

I went on scanning the http*.class files in the Objects\bin directory, but none of them gave a positive detection...
 
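One way to narrow down what changed between the clean baseline build and the build that gets flagged, as an added example that is not part of the original posts: diff the two APKs entry by entry using SHA-256, so each added or changed file can be checked on its own. The `make_apk` helper and the sample entry names and contents are constructed stand-ins for real builds.

```python
import hashlib
import io
import zipfile

def entry_hashes(apk_bytes):
    """Map each file inside an APK (a ZIP archive) to its SHA-256 digest."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {
            info.filename: hashlib.sha256(apk.read(info)).hexdigest()
            for info in apk.infolist()
            if not info.is_dir()
        }

def diff_builds(baseline_apk, candidate_apk):
    """Return the entries added, removed or changed between two builds."""
    old, new = entry_hashes(baseline_apk), entry_hashes(candidate_apk)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(n for n in set(old) & set(new) if old[n] != new[n]),
    }

def make_apk(entries):
    """Build a constructed, in-memory stand-in for an APK file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: entry names and contents are placeholders,
# not taken from a real B4A build.
BASELINE = make_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex-baseline",
    "resources.arsc": b"res",
})
WITH_LIBRARY = make_apk({
    "AndroidManifest.xml": b"<manifest><uses-permission/></manifest>",
    "classes.dex": b"dex-baseline+http",
    "resources.arsc": b"res",
    "assets/added_by_library.bin": b"extra",
})

if __name__ == "__main__":
    for kind, names in diff_builds(BASELINE, WITH_LIBRARY).items():
        print(kind, names)
```

For real builds, pass the bytes of each APK file (for example `open(path, "rb").read()`) to `diff_builds` in place of the constructed samples.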

Alessandro71

This is really nonsense. There is nothing special in that code. I wouldn't use Google Drive if it makes such problems. Upload your APK to a different file service.
I agree on the "nonsense" definition.
Actually I see two potential issues:
1) some customers use Google Drive and seeing apps flagged as "virus" will upset them: it will be difficult to argue with them if Google says so.
2) my main concern, given that Google is the one flagging the APK as "bad", is that the same kind of "nonsense" check will be enforced on the Play Store also, preventing app distribution
 