My antivirus program (CA Anti-Virus) just started reporting the existence of "AndroidOS/SMSTroj.D!generic" in a few of the .dex files generated for my Android projects in Eclipse. (I'm not writing malware!)
Has anyone else seen anything similar?
Is my development environment infected somehow, or is this a false positive? How can I verify and, if it's real, disinfect my system?
I haven't found any info about this trojan (the CA site reports no info). Does anyone have pointers to info about this (in particular about disinfecting the development environment)?
Contacting CA does seem like a good idea, but it might also be interesting to create a blank/hello world app and clean/rebuild the dex files a few times and see if anything picks up. Somehow I doubt a virus would try to parse your program and see what it's doing (other than perhaps permissions of the manifest, I guess you could copy over those from your "infected" project) so a build of any dex I would think should give you the same results. I suspect it's a false positive too. If it comes through clean you can slowly add a few classes at a time from your "infected" project and narrow it down that way.
Yes its a TROJAN.
Have a look here.
https://www.virustotal.com/file/dcf44f7262682ec2274829e6a14dfde470ca60dc1fbb2b76ff1053230ae305c2/analysis/1323302988/
Related
I'm tired to see a lot of Stackoverflow questions about this, even in Google forums or Google official support site, publishing "solutions" that lead to uninstall package through ADB, to do something with the phone rooted, to delete cache of Google Play Services, etc ...
https://code.google.com/p/android/issues/detail?id=64514
https://support.google.com/googleplay/answer/3300875?hl=en
http://gizmostorm.com/how-to-fix-package-file-is-invalid-error-on-google-play-store/
https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&ie=UTF-8&q=android%20upgrade%20download%20invalid%20package ...
etc ...
Is there any solution from the package side ?
I mean, I have an app with hundreds of thousands of installs, and unfortunately many users are complaining about this error when upgrading from store my new version.
Obviously, I can not go one by one telling they have to do this or that, because they are not developers, they just want to upgrade and run an app !
Some users are telling me (complaining) this happened since the last "upgrade attempt" of my app, and they are not experiencing this "package file is invalid" with any other app in their phones.
So, I guess it's something I can fix with another upgrade.
Is there ANY SOLUTION that I can do in the next APK compilation, uploading to Google Play Store and fix this without "bothering" my users ?
Thank you in advance
I have also faced same issue in my project as well. I was adding many more features with new jar, git open source library code for Nice UI.
For searching for solution I found play store has issue in one of its updates
http://www.androidcentral.com/google-investigating-package-file-invalid-errors-google-play
But this is totally not relevant to my problem
Again searching I found this
http://birbit.com/how-to-solve-linearalloc-problem/
So the solution looks to be loading a few jar files dynamically using DexClassLoader.
http://android-developers.blogspot.in/2011/07/custom-class-loading-in-dalvik.html
Prepare Interface of the jar file (list of all classes and methods) and have the interface in the app - Need to see how to do this. - We can just have those classes which we need in our app and ignore the rest of the classes. This way we can implement for few existing jars and any new jars that we have to add to make sure we don’t run into this issue again.
Keep the jar in assets folder
Load every class from the jar (based on the list of jars we have in the interface). (The classes will be loaded just once on first launch)
But Based on this, this looks to be involving lot of coding changes and a time consuming things.
Moreover I found that facebook also faced same issue in their initial android app
https://www.facebook.com/notes/facebook-engineering/under-the-hood-dalvik-patch-for-facebook-for-android/10151345597798920
Final Approach I took was removing additional code from jar/git library project which is not require for my application. after that my app got install on 2.3.X with no error.
Is there any way to export/restore filters for logcat. The reason I'm asking is that i got more then one computer i use and i got a lot of different filters for debug my application so i would like to avoid having to input hundrad of filters manually on each computer.
if this is not possible with the default tool for android development in eclipse is there any other log-plugin for eclipse that got this feature?
I did some googling after this but could not find anything on the subject.
You can copy the value of logcat.view.filters.list in <workspace>/.metadata/.plugins/org.eclipse.core.runtime/.settings/com.android.ide.eclipse.ddms.prefs from one workspace to another and it will both share the same configuration.
I ran my program just fine a few minutes ago, and when I added more functionality now it is telling me "The JRE Instance Default XSLT processor does not support debugging_ Would you like to debug using the default Xalan 2.7.1 processor instead?"
I did restart Eclipse maybe that has something to do with it? :/
It's my first times writing an app so if I have to set something in eclipse each time maybe that's why? and what is it if that is the case.
Thanks!
You were in an XML file when you hit debug, I would bet. Happens to me all the time. For some annoying reason it does something entirely different that I don't understand when you do that. Delete the .out.xml that should probably have been created, open a .java file, and try to debug again. Another way is to just right-click your project and do Run As > Android Application.
Let's say that I'm doing an Android project at the office, and that it is not just a hobby project, and that it is actually intended to be released and mass distributed. Would there be anything crippling about using the Android command line tools to manage the project, and just ignoring Eclipse? They describe here how to manage projects on the command line:
http://developer.android.com/guide/developing/projects/projects-cmdline.html
However, I can't get a feel for if those tools are production quality or not. Basically, I'm afraid that if I use the command line tools then somewhere down the line I'll have to do task "X", only to find out that task "X" is basically impossible or insanely difficult without Eclipse. Are there any such task X's? Or are the Android command line project tools actually viable for commercial projects?
I already know that you won't have a GUI designer, but I'm not that crazy about the GUI designer in Eclipse anyway. I constantly find myself pressing "Run Project" to debug my GUIs on the actual device anyway (layout preview be damned).
As for debugging, for the limited amount of debugging I do command line jdb is adequate, even if not always completely pleasant. And I bet I could set up a GUI debugger if I really had to.
The question is, are there any problems that would be considered effectively insurmountable without Eclipse? Or are there just minor annoyances that can be easily worked around (like the two I just mentioned above).
I realize that stack overflow isn't meant for discussion questions, and this question might seem like just that, but I think it doesn't have to be. If there really is something gigantically terrible about not using Eclipse, someone will mention it, and I'll give them the green check mark. If there isn't, then perhaps someone can point me to examples of existing large projects that use the command line tools instead of Eclipse, and I'll give that the green check mark instead.
Many people use Ant to build Android projects from the command line. Actually, in my opinion this is the preferred way, since it allows you to check everything that you need into a source control system and get predictable and repeatable builds every time.
So, the answer is "Yes"! Take a look at Using Ant to Automate Building Android article for more in-depth explanation how you manage this. Of course, using Eclipse is very convenient, but you don't really need it to build Android applications.
I use Maven for all of mine. See android-maven-plugin.
I am trying to restructure an existing app so that, except for a few override-able methods in a derived activity, all code will reside in a library. This still doesn't work for some reason, but in the process of attempting to troubleshoot this, I discovered much to my dismay that there are two .apk files installed, not one (when I run a debug session from eclipse):
The first (and larger file) is
having the original library name.
The second (only 20KB in size) is
having the derived application name.
Why is that and where can I learn more about this?
Could that explain the ClassNotFoundException problem I am having?
I found the answer myself. It turns out that I had 2 critical settings in the Properties of both projects not set correctly:
In the library project, "Is Library"
was not checked for some reason. I
could swear that I checked it, but
knowing how whimsical the Android
development environment under
Eclipse can be, I suspect that it
was unchecked by Eclipse (or the ADT
plugin) as a result of some glitch.
In the application project, I
neglected to add my library project
as a reference via the Add...
button. (how dumb could I be?)
Hoping this can be useful for other newbies to come.