According to Joe Sandbox Analysis:

Latest fdroid gets verdict. MAL:

Verdict: MAL Score: 48/100 Classification: mal48.troj.evad.andAPK@0/251@1/0

Is it safe to install or is this something to worry about?

​@
link
67M

If you open the report you see that it thinks it contains malware because:

  1. “Found Tor Address” this is because F-Droid comes with two repositories configured, one of them is from The Guardian Project, the people that distribute the Tor Browser and other apps on Android and one of their mirrors is an .onion address
  2. “Removes its application launcher (likely to stay hidden)” F-Droid uses that for the panic button

There’s nothing else that is even remotely worrying, the other points come from things that shouldn’t be marked as dangerous like sending UDP packets, using non standard TCP ports or Bluetooth (these things are for sharing your local repository over WiFi or Bluetooth) and a couple of other very obvious permissions needed for installing apps.

That sandbox is greatly overreacting to things almost all Android apps do or require for normal functionality like connecting to the internet or running on boot.

@throwaway96581
creator
link
17M

Thanks for the very good explanation!

@marcuse1w
link
57M

Apart from the fancy headline I see no reason to agree with the proposed suggestion. The linked site gives no evidence for it’s very sparse info.

Until then I leave you with the thought of Betteridge’s law https://en.wikipedia.org/wiki/Betteridge’s_law_of_headlines

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

  • Posts must be relevant to the open source ideology
  • No NSFW content
  • No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

  • 0 users online
  • 50 users / day
  • 96 users / week
  • 156 users / month
  • 500 users / 6 months
  • 3809 subscribers
  • 1317 Posts
  • 4109 Comments
  • Modlog