1. Are you ready for the Galaxy S20? Here is everything we know so far!

Malware? + Check APK before installing?

Discussion in 'Android Lounge' started by muddlemand, Jun 30, 2020.

  1. muddlemand

    muddlemand Member
    Thread Starter

    Two questions here, but I hope they fit into one thread as they both turned up during the same attempt to do something...

    I've downloaded an APK from GitHub, not quite the first time I've done this, but I'd very much like to scan this one for viruses/malware before installing. It's the first time I haven't been following a recommendation from someone I'm sure knew what they were talking about.

    Question 1: I installed a load of antivirus apps etc from the Play Store, thinking that if I used them all one after another I couldn't miss something if it was there! Malwarebytes, Avast, Norton, etc etc. But they only seem to scan things once they're running or at least installed - not the APK file sitting in my downloads folder. This is my first question, how to be sure it's ok *before* I risk installing it. This is the question I care about!

    ETA: I've found that AVG lets you scan individual files without paying for premium. But I've got myself into an over-cautious state now, after all this scanning! Can I be sure the app will be safe when installed, just because the APK passed as clean before it's been touched?

    Question 2: So far I've run full scans with four of the apps. Three were happy, but TAPI's Antivirus & Security found a virus in two apps: WebShell.11000023 - in Trend Micro's Mobile Security (with an install date of 2020-10-30), and in App Manager (with an install date of 2020-54-19); I'm not sure if the install dates refer to the the virus being installed or the two apps' installation. The advice is to uninstall immediately.

    It seems odd that Malwarebytes, Avast etc didn't spot this. Is TAPI dodgy? I thought its reviews look genuine and its rating is 4.7. Should I really uninstall those two? I've used App Manager for years and I understand that other antivirus can appear insecure without really being...

    #1 muddlemand, Jun 30, 2020
    Last edited: Jun 30, 2020

    1. Download the Forums for Android™ app!


  2. Davdi

    Davdi Android Expert

    You can be too paranoid - These are most likely false positives. I wouldn't trust TAPI's app. Anyway, there's no such thing as a virus on Android. Sure there are lots of other forms of malware. There's Spyware, trojans scareware (Fake Anti-Virus and 'security' apps that say they've found all sorts of problems, which they'll clear IF you spend x amount for the 'full (Read ' filled with spyware and other nasties'). TAPI seems legit (it's in the play store). I wouldn't be too happy about the memory optimisation aspect though - Android likes to make use of all available memory, and it can often be counter productive to aggressively remove 'unused processes'
  3. muddlemand

    muddlemand Member
    Thread Starter

    Yes, that's what I was thinking - I know about those fake security apps :) and since posting, i've scanned with more apps - a total of eight. Most were very familiar names such as Avast and AVG. And I ignored the optimisation, junk removal, "boost" features. I've uninstalled them all again, too.

    It's only this one APK - does passing the scan before it's been installed, while it's just a single file, definitely mean that it will still be ok after it's installed, when it's an ".exe" file (the android equivalent obviously)? It's nothing dodgy, just not a well-known app, not on Play Store, and I know it's no longer supported; they're still around for questions but don't update it any more.
    puppykickr and MrJavi like this.
  4. puppykickr

    puppykickr Android Expert

    Here is what I would do.

    1. clear data then uninstall all of the 'anti-whatever' apps.

    2. install NoRoot Firewall. (link below)

    3. install Addons Detector.
    (link below)

    4. turn off all internet access on the device, ie. airplane mode on & Wi-Fi off.

    5. install the apk you are worried about- do not run the app yet.

    4. start and set up NoRoot Firewall, making sure that internet access for the app in question is off, and that internet access for Addons Detector is on.
    Be sure to turn internet access on for the apps on the device that have always had access before.

    5. turn airplane mode back off, and turn Wi-Fi back on if desired.

    6. run Addons Detector.
    use it to discover what permissions your questionable apps have, and whatever other info is available about them.

    If you decide to see what the app is all about, run it- once again being sure that NoRoot is blocking any internet access for that app.

    Another thing to do would be to check the issues posted on GitHub about the app in question.

    This is as far as Iet my paranoia take me down this rabbithole, lol.

    Hope this helps.


    MrJavi, Davdi and ocnbrze like this.
  5. muddlemand

    muddlemand Member
    Thread Starter

    I like how you think, @puppykickr.

    Clearly you know how I think, too. ;)

    Thanks for those apps, they're good to know about.
    MrJavi likes this.

Share This Page