Android Question Problem "APP_NAME appears to be infected. Immediate uninstallation is advised"

George_G

Member
Licensed User
Hello everyone.

I published my app on google play store (as many other apps).
Some users when they tried to install my app the got the following warning

"APP_NAME appears to be infected. Immediate uninstallation is advised"

Any idea about this?

Thank you in advance.
 

George_G

Member
Licensed User
I signed my app via google.
But I just logged in in developer.google and I found this warning.

Security Alert: Your app contains embedded private keys or keystore files

This app contains one or more private keys or keystore files embedded in its published apk as listed at the end of this message. These embedded items can be accessed by third parties, which can raise a variety of different security concerns depending on what the key is used for. For example, if the private key is the signing key for your application, a third party could sign and distribute apps that replace your authentic apps or corrupt them. Such a party could also sign and distribute apps under your identity.
As a general security practice, we strongly recommend against embedding private keys and keystore files in apps, even if the keys are password protected or obfuscated. The most effective way to protect your private key and keystore files are not to circulate them.
Please remove your private keys and keystore files from your app at your earliest convenience. For more information about keeping your keys secure, please see https://developer.android.com/tools/publishing/app-signing.html.
You have a responsibility as a developer to secure your private key properly, at all times. Please note, applications with vulnerabilities that expose users to risk of compromise may be considered in violation of our "Malicious Behavior" policy and section 4.4 of the Developer Distribution Agreement.
 
Upvote 0

George_G

Member
Licensed User
You can upload a new version without this file. The risk is that a hacker who downloaded the previous version can theoretically extract it and use it to replace your app with their own app.
jarsigner error: java.lang.RuntimeException: keystore load: "path of keystore" (The system cannot find the file specified).

How can I compile it without the private key?
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
How can I compile it without the private key?
Store the file on your hdd on a save place (NOT IN YOUR PROJECTFOLDER).
Setup the IDE to use that file.
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
Are you sure that in this way, the warning of the installation will disappear?
Make sure not to have it in the files folder and also sync the filesfolder so that it is no longer part of your apk. I can not answer more as i do not have any app in playstore.
 
Upvote 0
Top