Jump to content

Android application falsely detected as Android/Monitor


Recommended Posts

Dear MalwareBytes team,

I am from Algo360 - An underwriting solution that leverages SMS data for generating credit scores and helping in financial inclusion and creditworthiness analysis. We form an integral part of India's digital lending ecosystem by providing credit scores for unbanked Indians in a matter of seconds. As SMS information is critical to the formulation of our lending score, we have devised an Android SDK (which goes into our client applications - like banks and other financial corporations) that displays appropriate notices to the customer about their data collection, gets the customer consent about the data collection and only after the customer has given consent that they are fine with their SMS data being collected, we collect their SMS history and relay it to our servers where machine learning algorithms read through the information and generate credit report so that they can get good loans quickly and grow their businesses/satisfy personal financial requirements. 

From our analysis, due to the fact that we collect customer information and do it as a background service (Android JobIntentService), we've been flagged as Android/Monitor or a spyware application. We used https://blog.malwarebytes.com/detections/android-monitor/ as reference to come to this conclusion

We show detailed information to the customer to make them aware of how their information is going to be used. We ensure that data collection takes place only after the customer has given us explicit consent about the same. We abide by Google's strict data collection policies to ensure that the customer is not deceived in any ways possible and they are fully made aware of the type of data being collected. I have attached a screenshot for your reference.

Since data upload can take time, we perform the data collection and upload as a Android background service.

Recently, applications containing our SDK have been flagged as Android/Monitor. We would request you to let us know what should be done in order to get this flag removed and put it as a clean application.

We are certain that it is due to our SDK only as we removed our application from the flagged application and it was detected as clean by MalwareBytes.

Client application: https://play.google.com/store/apps/details?id=com.bharatpe.app&hl=en_IN&gl=US

I have attached the Android application APK to this email as well

I have attached a screenshot of the disclosure we give to the customer prior to capturing their SMS information

Please also let us know if there's any more information you require or if there's more information we can provide you with to make this applicable across our clientele and not just BharatPe.

Please also let us know if there's a way for us to mark this post as private/delete it after resolution.

Thanks very much for your support. Looking forward to hearing a positive response from you.

bharatpe_permissions.jpg

IMG-20210413-WA0001.jpg

Screenshot_20210413-005905.png

Link to post
Share on other sites

Thanks very much for the very prompt response.

Does this mean that any future applications that use the Algo360 SDK will not be flagged as malware? or would you deal with it on a case by case basis?

Also, please let us know if it is the latter, if there's anything that can be done to make it a permanent thing. If required, we can constantly let you know of any new app we integrate with so that you guys can check it out and mark it as a good application?

Let us know at the earliest.

Thanks very much for your help.

Link to post
Share on other sites

Alright.

One more question please. If we had the SMS collection to a foreground and keep the transmission to background, would MalwareBytes have detected it? Could you tell us what exactly caused the detection please.

I am asking this as we want to make changes to the SDK so that even in the future it doesn't get flagged anywhere.

Your help is highly appreciated.

Thanks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.