I have developed one Android App and published on the Google play store. but when a user runs an antivirus app, my app is showing Trojan-Spy.AndroidOS.Agent. becuase of this user has delated App.
Is there any way so that I can assure that my APK file is virus-free. I am new for Android.I used the virus tool (https://www.virustotal.com/gui/home/upload) to identify it. only Kaspersky found this. All other engines did not detect any virus.
How I can find what is wrong with APK
It’s related to your permissions that u got in app manifest.
But maybe another issue like:
1.foreground service with open mic or camera
2.background service with a high usage
3.http url in your api calling
and so on
Finally, I contacted Kaspersky Technical lab and shared the infected file. after 3 working days, I got a mail that it was a false detection. So my problem got resolved.
Related
I want to access the apk file of any app before installation.
In more details: in google play store when the user clicks on Install button I want my application to access the apk file of the application that the user wants to download, and analyze this apk file and be able to whether allow the installation or stop it.
is that possible and if so how to approach this
On Android this functionality was introduced in Android 4.2. It is usually used by anti-malware products like Google Play Protect is known as a "Package Verifier". There is a good blog post on it here.
The short answer is this has to be done as part of the phone manufacturing process as it is so critical to security. So the answer is it can be done, but if you write this code you will need to get a phone manufacturer to include your code as part of a phone system image.
Most third party anti-malware products instead rely on analyzing the APK after the install happens by listening to the package added notification.
Definitely not possible in the way that you want. Android's OS is pretty well locked down. You might be able to do something if the device was rooted but at that point you may as well write your own OS fork. You can attempt to do someting with https://developer.android.com/reference/android/content/Intent.html#ACTION_PACKAGE_ADDED broadcast but you will not be able to analyze the apk freely nor will you be able to stop the installation of it.
My app uses AdMob. My app doesn't contain any inapp purchases. No device is excluded in developer console and devices tested had higher sdk version than minimum required. My app is optimized with proguard and then zipaligned. Users can install other apps without problems. Why are they getting this error? How can I solve it?
Also when trying to install it via browser on a PC? In this case, where does the error occur, on the pc or the mobile device?
Which app is it?
I think Google Play takes random amount of time even after app being published, before it becomes available for download. Same thing happened to other person I know. After few hours of app being published (not app being uploaded) his app could be downloaded. His app could be downloaded before mine even though mine app was uploaded before his.
I'm writing an app and would like users to be able to download the apk and install it from my website. However, I would like the app to still be able to update through the market, is this possible?
I don't believe that it is possible.
You are better off to link them to the market from your website rather than hosting the APK file.
market://search?q=pname:your.package.name
That will open the market on the users phone. It is safer and easier than plugging in the phone and installing over USB.
As far as I know and tested, applications installed using .apk files, will be recognized from the android market. Some games though like Angry Birds, do not appear on my list of installed applications and unfortunately I can't find out why.
But for what is worth the following link will help you more.
http://androidforums.com/application-development/65282-can-you-keep-your-paid-app-updating-illegally-installed-apk.html
This is not possible without apps like Titanium Backup. Titanium Backup can link apps to their market counter-parts but you cannot do it without an app like that (which requires Root).
As i know - it's not possible.
Even if you'll use the same package names and signing certificates.
I am about to write an App which is customized to Macau, a city in Southern China. I am experiencing some uncertainties and would like to seek help from the fellow developers.
I have checked with Android Dev Guide and found out that we have gotta sign the App with self-generated key or a digital certificate issued from Certificate Authority. May I know whether there are any differences in the user experience when downloading and using the App for self-generated key or digital cert from CA? I heard that Symbian Apps would display alert message like "This App is untrusted" if the App is not formally verified. I do not want this to happen in my App, and I am worried about other tiny differences.
Moreover, I would like to ask about the requirements for digital certificate for signing the App. Is there any specification? Must the key be a .keystore file for signing? I am thinking about applying one from the Post Office for signing, but am worried whether it works.
From the Google Dev Guide, it says we need to plug the Android device to the computer using USB and run the App and perform testing using the computer. May I know more about the testing procedures from the experienced? After this debugging process how can I test the App on a standalone Android phone just like using the App normally? Can I simply sign the App with debug key in the debug mode and use it on the device? Must the device be developer device or Nexus One for performing testing?
If I publish the App to the Web server, i.e. users can download the file and use my file, would my source code be leaked out and get accessed by other people?
Last but not least, as I am developing the free App in Macau, I was stuck when I saw that Macau is not on the developer location list. I wonder whether I can publish my App on the Android Market. When I settle the Google Checkout payment, which option should I choose as my location, as neither China nor Macau is on the list. Should I choose "Hong Kong", my neighbouring city, or simply click "US" for convenience? Can the Android users in Macau download my App from the Android Market? (I cannot see Macau on the supported distribution location list...)
I would really appreciate it if you could kindly answer my loads of questions. Thank you very much!
That's way to many questions for one post, but I'll take a shot at a few.
You must sign your app using a keystore. It should be one you created, but hey, that is your choice. Any app not downloaded from the market is considered "untrusted" and users will receive that error upon installing it.
As far as debugging, you can debug on an emulator and/or a device (phone). Most people will recommend both. Information about how to get started can be found on the Android Development website. More specifically, you can try this
or this.
You can sign the app with a debug key if you setup USB debugging on the phone.
You publish apps as .apk files, which is complied code, not source. Even then it is hackable, just like anything else.
I have downloaded the appinventor_extras_setup.exe from net and installed the complete package. But whenever I type the URL http://appinventor.googlelabs.com it starts asking a survey.. Is that because I haven't connected my phone with the PC.. What if I m a developer with an android phone.. can't I use appInventor?
http://appinventor.googlelabs.com is taking applications to get involved with App Inventor. It is in a limited beta release right now. I and others are waiting patiently for our opportunity to play with App Inventor, as Google processes the invitations.
If you downloaded appinventor_extras_setup.exe from anywhere other than http://appinventor.googlelabs.com, it may not be an authorized copy.
Is that because I haven't connected my phone with the PC
It is probably because you are not part of the beta program.
What if I m a developer with an android phone.. can't I use appInventor?
Fill in the survey and wait to join the beta program.
Now that some time has passed ;-)
The App Inventor invites are getting processed pretty fast.
You do not need an Android phone. There is an emulator that does a lot.
I use the emulator that comes with the Android SDK from Eclipse rather than the one you install if you follow the installation instructions for AI.
It's not open yet. You need to register to it, and they may send you an invite to the beta when it starts.
The header to the "survey" is pretty clear:
« We will be granting access to App Inventor for Android over the coming weeks. Fill out this form (only your Gmail address is required) and we’ll have you building apps soon! »
It is necessary to have your Android phone attached to use the appinventor app and to use appinventor at this time you need to be part of the beta
I agree with previous answers, but it stated that you need an Android device to be able to download the applications to.