Virustotal check of downloaded apks #257
Comments
|
This is more of a "feel-good"-security approach. Virustotal won't detect malware right away and I assume that google itself is faster and will take down the app. So when an app gets an malware-infused update it is probably too late anyway. Sure there might be the occasional malware that is triggered by heuristic analysis but it would be stretch (in my opinion) to assume google doesn't use state of the art heuristic analysis themselfs. |
|
Points to consider:
So I think a signature check is pretty similar to what Google Play Protect™ is doing or is at least a part of it. You are right, Virustotal won't detect malware right away, but nothing actually does, so the signature check is not useless. |
Take this all with a grain of salt since I am not a security expert. Just a regular software developer stating his opinion. The only advantage I would see in integrating virustotal is the timely removal of the malware-infused app or reinstating a backup if needed. (granted that Yasp never checks if an app was kicked from google store because of malware. Do not know that). The second advantage would be a better feeling of security for the enduser. So if you feel strongly for this feature or if your knowledge of the topic recommends this (As stated I don't have any deep knowledge on that topic) then go ahead. It's not like I never use virustotal myself (in the rare occasion that I am sitting in front of a windows machine. Process explorer [advanced task manager] has integrated virustotal for processes which is neat) Hope this made my position more clear. Cheers :) |
|
Another point is that virustotal.com has a lot of false positives. I use it a lot and actually many safe apps are reported as infected specially on those infamous anti-virus engines while on the major engines like eset/Kaspersky/panda/drweb for example it's reposted as OK. So if you want to provide this function you may consider just a warning or better checking against just 10 of the major antiviras engines. Also with deltas it'll be a problem. Newly updated apps will have to uploaded for the 1st time to virustotal.com. Anyway I think it's not the job of yalp store to do so. |
|
Any progress with this? I ask b/c I started working on a new VT app to upload files easily from android. I may be able to contribute to this because of some code I've already done. I'll take a look at the UI and maybe look at adding this functionality... if you're already working on it though let me know, I'll help any way I can. Thanks for this app by the way... got rid of the google monster from my phone altogether now :) |
|
@setuidroot I haven't started working on this yet. I can not be sure, but I think all apks from Play Store get into the virustotal base on upload, and are marked malicious only after a sufficient amount of people report something. So uploading apks to virustotal is not something Yalp Store should do. Checking downloaded and/or installed apks can be useful. There is no technical difficulty in implementing this since it is just a request to
|
|
I don't see the point. The apps are directly downloaded from the Play Store, so there shouldn't be any more malware than in the normal Play Store, provided the connection is encrypted. Please tell me it's encrypted. |
There is going to be exactly the same amount of malware. There is malware in Play Store, see my second message in this issue.
Encryption is irrelevant, amount of malware wouldn't change if the connection was not encrypted.
Yes, everything goes through https. |
|
I think that this feature adds more bloat, you can also download a separate app to scan your phone. |
|
I think this feature is useless. As Virustotal is part of Google (as you noted), I am very sure Google already scans each app and takes them down or so.
Sorry, but you miss the point. You do not want to have the list of apps you have installed exposed to anyone on the network. That has nothing to do with malware. |
|
doesmysiteneedhttps.com
-------- Original Message --------
…On 23 January 2018 10:14 PM, rugk ***@***.***> wrote:
I think this feature is useless. As Virustotal is part of Google (as you noted), I am very sure Google already scans each app and takes them down or so.
> Encryption is irrelevant, amount of malware wouldn't change if the connection was not encrypted.
Lorry, but you miss the point. You do not want to have the list of apps you have installed exposed to anyone on the network. That has nothing to do with malware.
But as it would use HTTPS, this is not even a point to discuss.
—
You are receiving this because you commented.
Reply to this email directly, [view it on GitHub](#257 (comment)), or [mute the thread](https://github.com/notifications/unsubscribe-auth/AettI3XhuOXLMbOgdchu-zrSVZzJ86Dnks5tNkuygaJpZM4O3A9j).
|
|
--- English --- Russian |
|
@DarkCat09 why comment on this? Yalp is a dead project and has been replaced by Aurora store from Whyorean |
|
Last change was 2 years ago. Yalps UI is crap, and it's featureless. I don't even know if the implementation still works. Google changed stuff since probably.
…-------- Original Message --------
On 22 Dec 2020, 19:40, rugk wrote:
***@***.***(https://github.com/jfwerner) Is it, though? If so, I have opened an issue: [#638](#638)
—
You are receiving this because you were mentioned.
Reply to this email directly, [view it on GitHub](#257 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AHVW2I3N4P5QMJL5Y325VPLSWDRZFANCNFSM4DW4B5RQ).
|
|
@jfwerner, |
After download completes, apk can optionally be checked for malware on virustotal. Since only SHA256 of the apk is required, it should not take too much time.
The text was updated successfully, but these errors were encountered: