Android app flags Kingdom Rush game as infected

AntoineHAntoineH Posts: 4
in F-Secure SAFE

I downloaded the original Kingdom Rush game from the Google Play store. The Safe app says it is infected with "Android/Davitor.2524b30828!Online".

 

I think this is a false detection. Please investigate

 

https://play.google.com/store/apps/details?id=com.ironhidegames.android.kingdomrush&hl=nl

Like

Accepted Answer

Comments

  • AntoineHAntoineH Posts: 4

    How can I submit a sample? It is an app on my phone that was installed via the Play Store. Not a file on my computer that I can upload via the form.

    Like
  • SimonSimon Posts: 2,653 Superuser

    You can submit the URL of the app in the Play Store and they should be able to check it from that.  

    Ukko
    1Like
  • UkkoUkko Posts: 3,198 Superuser
    @AntoineH wrote:

    How can I submit a sample? It is an app on my phone that was installed via the Play Store. Not a file on my computer that I can upload via the form.

    Hello,

     

    Maybe possible to use workaround like:

    --> Create screenshot of 'block'-screen (where visible package-name, detection-name) and attach it as "file" with additional information:

    https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-file

     Where do place URL to PlayMarket (as explanation that possible to download it; and that situation about certain this build).

     

    --> OR get the Play Market URL to this application and transfer it as "URL":

    https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url

     Where place more information about detection-name and that there is false-positive.

     

    For example, such workaround I tried with next trouble:

    https://community.f-secure.com/t5/F-Secure-SAFE/false-flagging-of-WhosCall-on/m-p/95557/highlight/true#M16922

    based on your noted 'detection-name' and some Google search --> looks like that detection can be about some advertisements services/design of this game-application. And maybe only as 'PUA'-detection.

     

    With any of meanings -> such detection can be with "back"-status after fresh update/build for game. Maybe possible to ask F-Secure Labs for proper validation about 'reasons' for such detection (not only currently, but globally). And if detection is reasonable -> maybe good to ask about options to exclude/ignore such notification.

     

    Thanks!

    Like
  • AntoineHAntoineH Posts: 4

    I submitted the URL to the Play Store with some extra information. 

    Thanks sofar.

    Ukko
    1Like
  • SimonSimon Posts: 2,653 Superuser

    Sorry, I meant submit the app URL to the F-Secure labs, as mentioned above, so that they can check it and whitelist it. 

     

    Submit Sample

    Ukko
    1Like
  • AntoineHAntoineH Posts: 4

    Yes, that's exactly what I did.

    See that my previous post can be interpreted otherwise, sorry for that.

    SimonUkko
    2Like
This discussion has been closed.