Android application falsely detected as Android/Monitor

[abhiace]

Dear MalwareBytes team,

I am from Algo360 - An underwriting solution that leverages SMS data for generating credit scores and helping in financial inclusion and creditworthiness analysis. We form an integral part of India's digital lending ecosystem by providing credit scores for unbanked Indians in a matter of seconds. As SMS information is critical to the formulation of our lending score, we have devised an Android SDK (which goes into our client applications - like banks and other financial corporations) that displays appropriate notices to the customer about their data collection, gets the customer consent about the data collection and only after the customer has given consent that they are fine with their SMS data being collected, we collect their SMS history and relay it to our servers where machine learning algorithms read through the information and generate credit report so that they can get good loans quickly and grow their businesses/satisfy personal financial requirements. 

From our analysis, due to the fact that we collect customer information and do it as a background service (Android JobIntentService), we've been flagged as Android/Monitor or a spyware application. We used https://blog.malwarebytes.com/detections/android-monitor/ as reference to come to this conclusion

We show detailed information to the customer to make them aware of how their information is going to be used. We ensure that data collection takes place only after the customer has given us explicit consent about the same. We abide by Google's strict data collection policies to ensure that the customer is not deceived in any ways possible and they are fully made aware of the type of data being collected. I have attached a screenshot for your reference.

Since data upload can take time, we perform the data collection and upload as a Android background service.

Recently, applications containing our SDK have been flagged as Android/Monitor. We would request you to let us know what should be done in order to get this flag removed and put it as a clean application.

We are certain that it is due to our SDK only as we removed our application from the flagged application and it was detected as clean by MalwareBytes.

Client application: https://play.google.com/store/apps/details?id=com.bharatpe.app&hl=en_IN&gl=US

I have attached the Android application APK to this email as well

I have attached a screenshot of the disclosure we give to the customer prior to capturing their SMS information

Please also let us know if there's any more information you require or if there's more information we can provide you with to make this applicable across our clientele and not just BharatPe.

Please also let us know if there's a way for us to mark this post as private/delete it after resolution.

Thanks very much for your support. Looking forward to hearing a positive response from you.

[mbam_mtbr]

Hi @abhiace,

Thanks for bringing this to our attention.  This issue has been resolved and will no longer be detected in future database versions.

Thanks again,

Nathan

[abhiace]

Thanks very much for the very prompt response.

Does this mean that any future applications that use the Algo360 SDK will not be flagged as malware? or would you deal with it on a case by case basis?

Also, please let us know if it is the latter, if there's anything that can be done to make it a permanent thing. If required, we can constantly let you know of any new app we integrate with so that you guys can check it out and mark it as a good application?

Let us know at the earliest.

Thanks very much for your help.

[mbam_mtbr]

Hi @abhiace,

Looking at some of the other apps that could be in question, I think you are good moving forward.

Nathan

[abhiace]

Alright.

One more question please. If we had the SMS collection to a foreground and keep the transmission to background, would MalwareBytes have detected it? Could you tell us what exactly caused the detection please.

I am asking this as we want to make changes to the SDK so that even in the future it doesn't get flagged anywhere.

Your help is highly appreciated.

Thanks.

[mbam_mtbr]

Hi @abhiace,

Sent you a Private Message addressing your question.

Nathan

[abhiace]

Received. Thanks very much.

 

Really Appreicate the professionalism and the courtesy,.