false flagging of WhosCall on Android has come back = see original case xxxxxx

Joschka2
Joschka2 Posts: 15 Explorer

After being fixed, the false flagging of WhosCall on Android has come back.

 

Somehow, the fix has dropped off!

 

EDIT TITLE: Removed case number

Comments

  • Hi Joschka2,

     

    Sorry for getting back to you late. I have brought this to the notice of our labs for further checking.

  • Hi Joschka2,

     

    Our labs had a quick check on your case, and the file is clean. It is currently not detected by us and the category has never been changed.

     

    Have you updated the version of the file which has caused the detection change? It is recommended to resubmit the file to us to investigate the issue. 

  • Joschka2
    Joschka2 Posts: 15 Explorer

    The problem was gone and now it's back AGAIN.

     

    It cannot be the file, it has GOT to be F-Secure!!!

     

    (I don't remember how to submit a file on Android.)

  • Ukko
    Ukko Posts: 3,770 Superuser

     

    @Joschka2 wrote:

    The problem was gone and now it's back AGAIN.

     

    It cannot be the file, it has GOT to be F-Secure!!!

     

    (I don't remember how to submit a file on Android.)


    Hello,

     

    If you downloaded this application from Google Play Store -> maybe you able transfer it with F-Secure SAS:

    https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-url

     

    As URL (for Google Play market page) and with description/option "I want to give more details about this sample and to be notified of the analysis results" -> you able to provide that subject of this "transfer" is false positive detection for this application (which possible to download by this URL);

     

    Or maybe there will be help from F-Secure Community Managers (as it was with previous situation);

     

    Sorry for my reply.

     

    Thanks!

  • Joschka2
    Joschka2 Posts: 15 Explorer

    Thanks for trying.

     

    That URL seems to be ONLY for a web page being blocked. It is NOT for an app being flagged.

     

    F-Secure SAFE gives me essentially NO options for dealing with this situation where F-SECURE SAFE itself is WRONG!

  • Ukko
    Ukko Posts: 3,770 Superuser

    @Joschka2 wrote:

    Thanks for trying.

     

    That URL seems to be ONLY for a web page being blocked. It is NOT for an app being flagged.

     

    F-Secure SAFE gives me essentially NO options for dealing with this situation where F-SECURE SAFE itself is WRONG!


    Yes, generally it designed to report false-positive for URL (or there possible switch tab to files-report);

    But since - there maybe not possible to get .apk-file and transfer it to F-Secure SAS: I suggested kind of "workaround".

     

    When you transfer URL (official Google Play market for this application) and under description you able to provide words that URL is OK - but application from this URL is blocked.

     

    But anyway - I also just repeated such situation with my Android smartphone - so I able to try such workaround by me. :)

     

    While - under this topic - maybe will be normal official response from F-Secure team.

     

    Thanks!

     

    // other meanings I added there;

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    I got response from F-Secure Labs that they found "file is clean and it was false-positive detection, which will be dropped with next updates";

     

    I do not able to check it with Android device on current time - but maybe you able to re-check if there still any detection for Whoscall (with your experience)?


    Still not sure - if there any proper workarounds for "exclude/ignore" such detection; and what will be with next Whoscall build-update.

     

    Thanks.

  • Joschka2
    Joschka2 Posts: 15 Explorer

    They told me the same thing. But after the 'false-detection' went away, it came back.

     

    Right now it's back so I just ignore it and grumble.

  • Ukko
    Ukko Posts: 3,770 Superuser

    @Joschka2 wrote:

    They told me the same thing. But after the 'false-detection' went away, it came back.

     

    Right now it's back so I just ignore it and grumble.


    Hello,

     

    Yes, but I talk about certain current situation on last week (OR it already "dropped" and back else one time?!); And I got "response"... generally... 'today';

     

    And as with previous my reply - still not sure - how it will be with next "Whoscall" own build update (which maybe will trigger detection else one time); And does there should be any "strong" options for exclude certain application for being detected.

  • Joschka2
    Joschka2 Posts: 15 Explorer

    My impression is that there is no way to be sure if the 'false-detect' goes away.

     

    If 24 hours pass with no detections and then a detection occurrs, I assume it had gone away for a while.

     

    If 10 minutes pass and then a detection occurrs, I assume it had NOT gone away.

     

    But I don't know exactly where to draw the line between 10 minutes and 24 hours.

  • Ukko
    Ukko Posts: 3,770 Superuser

    With my experience - I usually "run" F-Secure Scan (by F-Secure SAFE UI) as kind of "check" - if there any detections for files or not (since - also with my experience - Whoscall was detected by manual scan; maybe additionally to real-time potential detections);

     

    So - if detection did not comes with one of scan-runs (but than comes back after some minutes) - there is something wrong with scanning-design;

    Because.. I think that usually there should not be situations when "detections added/dropped/added/dropped" with small timeframe between changes.. too much often;


    Later added: with my experience there dropped detection for Whoscall (on current time), which was there some days before. still not sure - if situation will be repeated later.

  • Joschka2
    Joschka2 Posts: 15 Explorer

    The problem has been back for WEEKS now. The 'problem detected' has become an almost PERMANENT display.

     

    The really irritating thing is that I am given exactly ONE option: let f-secure delete my whoscall app.

     

    I have 15 f-secure SAFE licenses and, if this doesn't get fixed soon, I will switch to another A-V product.

     

    I've invested a LOT of time and money into f-secure along with my work as a beta tester.

     

    This is just absurd!

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    Sorry for my reply. I also decided to re-check with my device and indeed F-Secure do detect PUA-items with latest (?!) WhosCall (and generic-detection name as previously).

     

    You should not to do this .... but did you transfer such information to F-Secure SAS and then there is stuck for weeks?!

    I able to feel that 'detection' comes more about 'advertisement-module' (StartApp) than about WhosCall (even it about 'one'-view). And this is indeed can be 'potentially unwanted'. But I still not sure about handling such "PUA" with Android-platform. Because it can be more 'friendly' to ignore such notification (or re-rate/exclude) certain application.

     

    Thanks!

  • Joschka2
    Joschka2 Posts: 15 Explorer

    On my phone, at least, there is NO option to 'exclude.' The ONLY choice I get is to 'remove all.'

     

    I did another 'remove and reinstall' yesterday and, for the first time noticed that, F-Secure SAFE Andorid, has added a 'call block' feature.

     

    Is it possible that the F-Secure company has decided they want to pressure users to delete any other call-blockers?

     

    That might possibly be illegal behavior. For sure it would be unethical.

     

    I wonder if the Technology section of the New York Times might be interested in looking at this and, maybe even, asking some public questions about this!

     

    NOTE: I prefer to keep using WhosCall because it provides a shared database of known SPAM callers which is far more effective than me having to create my own personal list for everything. Individual users can automatically contribut to that database.

     

    But, then, SPAM calling is legal in Taiwan; partly because the recipient doesn't pay anything for inbound calls.

     

    Why Americans have been persuaded to pay for inbound calls is another question entirely.

  • Ukko
    Ukko Posts: 3,770 Superuser

    Yes,

     

    Sorry for my worst explanation. I also do mean that "there is NO visible option to exclude or ignore detected PUA-item" (and this is "not friendly"). ?! but maybe required clarification from official F-Secure Teams about designed steps when PUA-item can be ignored/excluded (if not possible to use F-Secure SAS or required to do it too often).

     

    About another part:

     

    --> F-Secure SAFE for Android already long time with "Call blocker" module/feature. At least... years (?!).

    And this feature does not cover some of specific situations. So another 'specific' applications time to time can be reasonable under device.

    As my own feelings - can not be any meanings as 'pressure' (or actions against any other call-blockers) by cyber security/privacy F-Secure company . This is maybe common things for US-based (or some other locations) companies, but with my own opinion -> Finland-based (officially) companies do not use such things (usually). They do able to promote their 'technologies' with much more good way (if required).

     

    --> And... F-Secure do mark WhosCall by generic PUA-detection based on their ADs-module (?!). Startapp (as noted/discussed under this topic);

    MAYBE possible to re-check/re-rate such module.. if F-Secure wrongly mark it as PUA;

    They created certain 'policy' for PUA-detections:

    https://www.f-secure.com/en/web/labs_global/potentially-unwanted-applications

     

    If such policy do not cover (or not possible to apply) StartApp.... so F-Secure able to remove such detection at all (since break their policy); I able to think that not only "WhosCall" do use StartApp-module and generic detection for StartApp-advertisement-module can be for another Android applications too.

     

    Potential fix-steps:

    - re-rate it (by transfer information to F-Secure Labs; or when found it by their own steps).

    But... with "WhosCall" required to do it with ?! each update (fresh build for WhosCall);

     

    - re-classify it.

     

    - 'visible' option to ignore/exclude certain PUA-iteam.

     

    Thanks!

  • Hi Joschka2,

     

    I have now escalated this post to our labs so that they can have a look at your issue in detail. One of our lab analysts will get in touch with you via email for further communication.

  • Ukko
    Ukko Posts: 3,770 Superuser

    @Laksh wrote:

    Hi Joschka2,

     

    I have now escalated this post to our labs so that they can have a look at your issue in detail. One of our lab analysts will get in touch with you via email for further communication.


    Hello,

     

    Sorry for my reply. I just 'randomly' noticed that WhosCall was updated after the latest topic's replies and decided to re-check if F-Secure will detect it (else one time) or not.

     

    With my experience -> detection is back :) (or maybe does not re-rated).

    So... does it was useful to talk with Lab analysts? And does it was drop status for WhosCall detection?

    You did not back with fresh reply about fresh detection (back status) - because did not update WhosCall to latest build.. or situation is fixed locally? // I did transfer URL to F-Secure Labs by F-Secure SAS... about current detection-time. and with 'brief feelings' - except notifcation under FS Protection UI, taskbar(?) and during scaning -> Whoscall still available as application probably (possible to use it). And close notification about detection (as 'cancel' or 'back-back-back').

     

    Thanks!

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    I see.

     

    I think that maybe such response was with meanings like: current detection for advertisement-module can be 'reasonable' (based on policies about PUA). But not sure... I will try to re-ask after receiving response about my current transfer URL.

     

    And about switch to another solution -> did you mean for all of platforms? Or under Android only?

    If for Windows too -> does it possible to note what kind of nice features available with another solution (because I'm not able to try it with my devices based on something it always works wrong with this solution; but it can be interesting and good to know for me). Just as sidenote about Support-responses... with your noted solution (previously) I got much more 'strange' response than wtih F-Secure (later). But I did read quite many public responses from different companies - where time to time can be too much strange suggestions. :)

     

    Thanks!

  • Joschka2
    Joschka2 Posts: 15 Explorer

    I do mean ALL of my devices. Right now, I have nine devices transferred to Bitdefender.

     

    I have five Windows 10 devices and four Android devices. (I have an IOS device I have not yet transferred.)

     

    At the individual device level (Android) I can choose to add a lock to any individual app such that starting the app requires a PIN (the same PIN for all locked apps.) This way, I can safely hand my phone to someone else and I know they cannot go exploring without my knowledge. There are too many features to list, but that one is the one I like the most. (I do like that the A-V signature files update every hour and that any device that is off for more than 24 hours is flagged as out of date.)

     

    At the global level, there is a master control application where I can observe the A-V status and activity on all of my devices. From there, I can locate or wipe any Android device (not sure about Windows.) A feature I especially like is: there is a panel where I can enter all of my email addresses and my credit card numbers (they save only the first 12 digits) and then they continually scan the 'dark web' for matches. This way I found that one of my email addresses used as as the id on some system, had been compromised with its password and was offered for sale. While that is of little danger to me-I use different passwords on different systems-I immediately changed every password used with that email. And, I decided to impliment two-factor authentication everywhere it was available.

     

    I suggest you get a free-trial license and look at it yourself.

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    Thanks for your response, description and advices!

     

    My own mobile devices are Windows Phone -> so... I'm not able to try it under Android-device with enough time for proper understanding (also where F-Secure SAFE generally works good for my purposes -> I tried some other solutions which was a little be strange. And Sophos solutions - which looks good. But Bitdefender I did not try with Android-device based on that 'no reasons' to use it only under Android-device (for me)). And kind of this noted 'ability' also possible to use with Windows Phone; but as build-in things (Apps Corner // Kid's Corner) -- so, I do able to feel 'useful'-point of it.

     

    Probably technology-preview/beta of F-Secure SAFE for Android was introduced this feature too (recently). Even locate/wipe/database-updates and status of device (with limitation) was available with F-Secure SAFE for Android too. Not sure about powerful status of this some features (I did not use them). 


    Design about 'surf' for leaked data sounds goods. But looks like that this is something as known-service by Troy Hunt (and many others). Ability to re-check "password leaks" by mail-address.

     

    But... with my own experience -> such services with 'limitation'. For example, definitely known for me about certain leaked and compromised passwords/mail-addresses -> but any of services do not mark them as 'leaked' items or 'part of potential breaches'. Because ?! 'public' available data do not contain them. But anyway: quite often such services (trusted ones) can be useful and helpful.

     

    Sorry for my large reply. And thanks for suggestions else one time.

     

    Thanks!

     

  • Ukko
    Ukko Posts: 3,770 Superuser

    Hello,

     

    As my own feedback about situation with WhosCall and repeated detection:

     

    --> with latest reply's date and 'back false positive detection'-status -- I asked F-Secure Labs about such concern. They performed some kind of 'investigation' (?!) and then back with reply that based on their research and fix-actions -> all should be OK with next releases/updates of WhosCall.

    So, detection should not back with their each update (and not required to transfer it to F-Secure Labs each time).

     

    --> today I re-check that WhosCall was recently with fresh build and tried to install it.

    As result, indeed all OK. and my F-Secure installation do not detect anything and do not trigger detection during manual scan.

     

    Most likely, at least currently, this troublemeanings fixed. Not sure if it can be with back status (if WhosCall-design will be with any other triggers for any other kind of detections) OR if there will be some changes -> but I able to suspect that main trouble-concern from this topic CURRENTLY fixed (and more stable than previously).

     

    Thanks!

     

     

This discussion has been closed.
Feedback on New Design