According to Joe Sandbox Analysis:

Latest fdroid gets verdict. MAL:

Verdict: MAL Score: 48/100 Classification: mal48.troj.evad.andAPK@0/251@1/0

Is it safe to install or is this something to worry about?


If you open the report you see that it thinks it contains malware because:

  1. “Found Tor Address” this is because F-Droid comes with two repositories configured, one of them is from The Guardian Project, the people that distribute the Tor Browser and other apps on Android and one of their mirrors is an .onion address
  2. “Removes its application launcher (likely to stay hidden)” F-Droid uses that for the panic button

There’s nothing else that is even remotely worrying, the other points come from things that shouldn’t be marked as dangerous like sending UDP packets, using non standard TCP ports or Bluetooth (these things are for sharing your local repository over WiFi or Bluetooth) and a couple of other very obvious permissions needed for installing apps.

That sandbox is greatly overreacting to things almost all Android apps do or require for normal functionality like connecting to the internet or running on boot.


Thanks for the very good explanation!


Apart from the fancy headline I see no reason to agree with the proposed suggestion. The linked site gives no evidence for it’s very sparse info.

Until then I leave you with the thought of Betteridge’s law’s_law_of_headlines

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links


  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from, but we are not affiliated with them.

  • 0 users online
  • 6 users / day
  • 43 users / week
  • 140 users / month
  • 434 users / 6 months
  • 4.29K subscribers
  • 1.47K Posts
  • Modlog