Android app flags Kingdom Rush game as infected
I downloaded the original Kingdom Rush game from the Google Play store. The Safe app says it is infected with "Android/Davitor.2524b30828!Online".
I think this is a false detection. Please investigate
https://play.google.com/store/apps/details?id=com.ironhidegames.android.kingdomrush&hl=nl
Comments
-
Hi AntoineH,
If you suspect it to be a false positive, please submit the sample to our labs for analysis.
-
@AntoineH wrote:How can I submit a sample? It is an app on my phone that was installed via the Play Store. Not a file on my computer that I can upload via the form.
Hello,
Maybe possible to use workaround like:
--> Create screenshot of 'block'-screen (where visible package-name, detection-name) and attach it as "file" with additional information:
https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-file
Where do place URL to PlayMarket (as explanation that possible to download it; and that situation about certain this build).
--> OR get the Play Market URL to this application and transfer it as "URL":
https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url
Where place more information about detection-name and that there is false-positive.
For example, such workaround I tried with next trouble:
based on your noted 'detection-name' and some Google search --> looks like that detection can be about some advertisements services/design of this game-application. And maybe only as 'PUA'-detection.
With any of meanings -> such detection can be with "back"-status after fresh update/build for game. Maybe possible to ask F-Secure Labs for proper validation about 'reasons' for such detection (not only currently, but globally). And if detection is reasonable -> maybe good to ask about options to exclude/ignore such notification.
Thanks!
-
Sorry, I meant submit the app URL to the F-Secure labs, as mentioned above, so that they can check it and whitelist it.
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!