Cerberusapp for Android receives false positive

[urmask]

Hi!

Android app:

• https://play.google.com/store/apps/details?id=com.lsdroid.cerberus&hl=et
• https://www.cerberusapp.com/

Phone: LG Nexus 5 with Android 6.0.1

 

App versioninfo and falsepositive is seen on images I've attached. 

 

 

I have used Malwarebytes on my Nexus for a year or so, also Cerberus for a long time. This is the first time it gets this error.
I contacted Cerberus's support and they said it's a false positive. More info: https://www.cerberusapp.com/help.php?answer=22

 

I hope you can do something about it. Verify that it's a false positive and maybe remove it from future scan results?

All questions are warmly welcomed.

Urmas

[a_Mbam]

Hi Urmask,

 

The Cerberus detection is warn people who might have it installed without their knowledge, apps like this can be used to spy or stalk people. It's classified as a PUP (Potentially Unwanted Program) and people who knowingly installed and are aware of its power can ignore the detection and add to MBAMM's scanner Whiitelist.

 

for reference http://www.npr.org/sections/alltechconsidered/2014/09/15/346149979/smartphones-are-used-to-stalk-control-domestic-abuse-victims

 

Regards,

 

-Armando

[urmask]

Fair enough, pup explanation is acceptable. 

[TDIT]

With respect to all at Malwarebytes, I have to disagree.

 

Whilst I accept there are many users of Malwarebytes on their mobile devices who are not IT savvy, simply casting Cerberus as a PUP is unwarranted and potentially damaging to parties not limited to the creators of Cerberus exclusively.

 

We are a support company with a modest client base who we do our utmost to care for. We have received several questions over the detection of Cerberus via Malwarebytes recently. Because we care about our customers are recommend Cerberus to protect their device from theft and Malwarebytes to protect them from everything Malwarebytes covers. Most customers accept it's a false positive and exclude it from future detection, but some question our recommendation of Cerberus in the first place "because it's detected by Malwarebytes." As you can see, this has the potential to hurt both software houses, not because it's detected, but because it's detected without sufficient information for the average user to make an informed decision. A customer has a number of choices, including removal of one piece of software - either Malwarebytes or Cerberus. Personally I'd prefer they kept them both!

 

So how about a logical approach? Keep Cerberus as a PUP detection, but EXPLAIN it to the average user. All it would take is a small amount of text to be supplied with the detection (via a more info button or link) stating that Cerberus is not in itself malicious, but it potentially could be misused if installed unbeknownst to the devices owner. That's it! Problem solved and everyone is happy. What do you say MB folk? Can we call this a 'given'? 

[Suble]

Aw, this was an exceptionally good post. Taking the time and actual effort to produce a good article… but what can I say… I procrastinate a lot and never manage to get anything done. Cerberus
 

[IT_Architect]

> The Cerberus detection is warn people who might have it installed without their knowledge, apps like this can be used to spy or stalk people. It's classified as a PUP (Potentially Unwanted Program) and people who knowingly installed and are aware of its power can ignore the detection and add to MBAMM's scanner Whiitelist. <

If you are going to classify Cerberus, a program you pay for to track your phone, I would assume that you also flag the free Google apps they install on Android that continually try to read your address book, read your mail and sell it to spammers, and have a Timeline keeps track of every move you make.  I want them flagged as PUPs.  Unless you have evidence that Cerberus is selling us out, you are crooked by flagging this app.  It never gets install accidentally or as a hitchhiker for other programs.   

[zyodei]

In short, I shouldn't have had to take the time to google and come here to find out what was going on here.

 

I'm sure that everybody who works at Malwarebytes knows what a PUP is, but it's certainly not a widespread term; I've never encountered it before. You should explain in the app why this is being flagged, not make users work to figure it out.

[Vabadus]

@zyodei Thank you for the feedback, we'll definitely consider this. You have totally a valid point from customer perspective. We'll see what can we do about it.