False positive for Lock Me Out app


teqtic

Hi,

A user of my app has informed me Malwarebytes is marking my app "Lock Me Out" as ransomware on Android. The app helps people limit their time on their phones based on rules they set up for themselves. Nothing is ransomed. Could someone please investigate?

Google Play link to app: https://play.google.com/store/apps/details?id=com.teqtic.lockmeout

Thanks!

Hi @teqtic,

I'm not seeing any detections.  

What your users may be referring to is our advanced ransomware scanner if they installed your app from outside the Google Play store. Apps that have elevated privileges and that have been installed using side loading (anything installed outside of Google Play) are flagged as potential ransomware.

Installation from outside the Play Store plus elevated privileges are big red flags. Therefore, we warn our customers that a suspicious app was installed that displays ransomware-like properties. It’s up to the user to ignore our warnings or not.

However, I added a whitelist for your app, so your users shouldn't experience this in the future.

Thanks for reaching out,

Edited by mbam_mtbr

5 hours ago, mbam_mtbr said:

Hi @teqtic,

I'm not seeing any detections.  

What your users may be referring to is our advanced ransomware scanner if they installed your app from outside the Google Play store. Apps that have elevated privileges and that have been installed using side loading (anything installed outside of Google Play) are flagged as potential ransomware.

Installation from outside the Play Store plus elevated privileges are big red flags. Therefore, we warn our customers that a suspicious app was installed that displays ransomware-like properties. It’s up to the user to ignore our warnings or not.

However, I added a whitelist for your app, so your users shouldn't experience this in the future.

Thanks for reaching out,

Alright, thank you. Perhaps instead of just classifying sideloaded apps with elevated permissions as ransomware, they should have their own section, sideloaded / untrusted apps. 

14 hours ago, teqtic said:

Alright, thank you. Perhaps instead of just classifying sideloaded apps with elevated permissions as ransomware, they should have their own section, sideloaded / untrusted apps. 

Well, it's not so much a classification as it is a warning. If it was "classified", it would have a specific detection. We kind of do this in a way. For example, if your app is downloaded/installed from Google Play, then it is not triggered. How would we have a way to know which apps are untrusted/trusted outside of Google Play? For you, you sign our app with a specific Digital Certificate, so we know what is trusted for you. Unfortunately, there are many developers that use generic Digital Certificates. Therefore, we can't assume every app on Google Play has a legitimate Digital Certificate, and create "trusted" apps off of that. We can't use package names that exist on Google Play either because anyone can create an app, or just grab an app on Google Play and modify it with the same package name. The Digital Certificate would be different so you couldn't just put it on Google Play, but you could put it on a third-party app store. Thus the reason we trigger on sideloaded apps.

Any thoughts would be much appreciated,
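
The decision described in the reply above, as an added example that is not part of the thread and not Malwarebytes' code: warn on sideloaded apps with elevated privileges unless the signing certificate is allowlisted, with a package-name allowlist beside it to show why that one fails. The field names, what counts as "elevated", and all certificate digests are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

PLAY_INSTALLER = "com.android.vending"  # Google Play's installer package name

# Constructed allowlist entry: SHA-256 of a developer's signing certificate.
TRUSTED_CERTS = {"ab" * 32}
# What a package-name allowlist would look like (shown only for contrast).
TRUSTED_PACKAGES = {"com.teqtic.lockmeout"}


@dataclass(frozen=True)
class App:
    package: str
    installer: Optional[str]  # None means sideloaded
    elevated: bool            # assumption: e.g. device admin or accessibility
    cert_sha256: str          # digest of the APK signing certificate


def norm(digest: str) -> str:
    """Accept 'AB:CD:...' or plain hex; compare as lowercase hex."""
    return digest.replace(":", "").strip().lower()


def should_warn(app: App) -> bool:
    """Warn on sideloaded + elevated apps unless the signing cert is allowlisted."""
    if app.installer == PLAY_INSTALLER or not app.elevated:
        return False
    return norm(app.cert_sha256) not in TRUSTED_CERTS


def should_warn_by_name(app: App) -> bool:
    """Contrast: a package-name allowlist, which a repackaged app satisfies."""
    if app.installer == PLAY_INSTALLER or not app.elevated:
        return False
    return app.package not in TRUSTED_PACKAGES


# Constructed samples: same package name, different signing certificates.
GENUINE = App("com.teqtic.lockmeout", None, True, ":".join(["AB"] * 32))
REPACKAGED = App("com.teqtic.lockmeout", None, True, "cd" * 32)
FROM_PLAY = App("com.teqtic.lockmeout", PLAY_INSTALLER, True, "ab" * 32)

if __name__ == "__main__":
    for name, app in [("genuine", GENUINE), ("repackaged", REPACKAGED), ("play", FROM_PLAY)]:
        print(name, should_warn(app), should_warn_by_name(app))
```

The repackaged sample is the case the reply calls out: it still triggers the warning under the certificate allowlist, while the package-name allowlist lets it through.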

 
