
Received a bunch of Lookout Detected Threats

13th March 2014, 10:49 PM   |  #1  
OP Junior Member
I'm running MOAR v6.0 MD4 (Android 4.1.2) on Sprint GS3. I never received any alerts from Lookout before, but today it reported 15 riskware alerts:

com.android.phone
com.mythtrandyr.inkeffectsettings
com.lidroid.settings
com.sonyericsson.lockscreen.uxpnxt
com.jy.iconchanger.ad
de.robv.android.xposed.mods.appsettings
com.asushi.livewallpaper.mytree
com.monotype.android.font.XDAFONTS
com.android.launcher
de.robv.android.xposed.installer
com.android.flashblink
com.sec.android.mimage.photoretouching
com.koo.lightmanager
com.android.lmt
com.lidroid.sgs.secretcode

All have a classification of: Riskware.Android.CompromisedKey.a.

Should I be alarmed, or is this likely a problem with a definition update from Lookout?
14th March 2014, 12:00 AM   |  #2  
OP Junior Member
Great support from the Lookout guys, as I emailed them and they replied right away. Here's what they said. I should be okay:

The reason we have flagged this app as 'Riskware' is due to a special key that this particular developer used when publishing the app. The key is normally a private piece of information that we use to determine if an app is authentic, and to identify the developer. In this particular situation, the developer chose to use a key that has been widely distributed on the internet or has been compromised.

This makes it impossible for us to validate the app and its authenticity. Therefore, we are not calling these apps malware, but we recommend that users not install apps like this because it is inherently more risky (hence the "Riskware" assessment).

If you as a user understand the risk and still decide to trust the app, feel free to ignore the warning.

We have also been seeing some device manufacturer preinstalled apps also being flagged as 'Riskware' for the same reason. These apps are unable to be uninstalled and we please ask that you ignore the warning if it is an app that came preinstalled on the device. We have reached out to these developers to make the proper changes.

Thanks for using Lookout!

David,
The Lookout Team
7th May 2014, 03:34 PM   |  #3  
worstenbrood
Senior Member
Quote:
Originally Posted by mindfulness

Great support from the Lookout guys, as I emailed them and they replied right away. Here's what they said. I should be okay:

The reason we have flagged this app as 'Riskware' is due to a special key that this particular developer used when publishing the app. The key is normally a private piece of information that we use to determine if an app is authentic, and to identify the developer. In this particular situation, the developer chose to use a key that has been widely distributed on the internet or has been compromised.

This makes it impossible for us to validate the app and its authenticity. Therefore, we are not calling these apps malware, but we recommend that users not install apps like this because it is inherently more risky (hence the "Riskware" assessment).

If you as a user understand the risk and still decide to trust the app, feel free to ignore the warning.

We have also been seeing some device manufacturer preinstalled apps also being flagged as 'Riskware' for the same reason. These apps are unable to be uninstalled and we please ask that you ignore the warning if it is an app that came preinstalled on the device. We have reached out to these developers to make the proper changes.

Thanks for using Lookout!

David,
The Lookout Team

What effect will this have on CM builds, because they are using publicly available keys (https://github.com/CyanogenMod/andro...oduct/security) to sign?
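
The kind of check the Lookout reply describes, sketched as an added example (not Lookout's code and not part of the original posts): an app is flagged when its signing certificate is one whose private key is publicly available, since the signature then says nothing about who built it. The certificate bytes, digests, deny-list, the `== <package>` header lines and `com.example.privatelysigned` are constructed assumptions; the digest line follows the format printed by `apksigner verify --print-certs`.

```python
import hashlib
import re

# Constructed stand-ins for signing certificates (real input: each signer's DER bytes).
PUBLISHED_CERT = b"constructed cert: private key is downloadable by anyone"
PRIVATE_CERT = b"constructed cert: private key held only by its developer"

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a signing certificate, lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()

# Hypothetical deny-list of certificates whose private keys are publicly available.
KNOWN_PUBLIC = {fingerprint(PUBLISHED_CERT)}

# Constructed report: "== <package>" headers are an assumption of this example;
# digest lines follow the format of `apksigner verify --print-certs`.
SAMPLE = f"""\
== com.lidroid.settings
Signer #1 certificate SHA-256 digest: {fingerprint(PUBLISHED_CERT)}
== de.robv.android.xposed.installer
Signer #1 certificate SHA-256 digest: {fingerprint(PUBLISHED_CERT)}
== com.example.privatelysigned
Signer #1 certificate SHA-256 digest: {fingerprint(PRIVATE_CERT)}
"""

DIGEST_RE = re.compile(r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-f]{64})$")

def scan(report: str) -> dict:
    """Map each package to 'riskware' if any signer key is public, else 'ok'."""
    verdicts, pkg = {}, None
    for line in report.splitlines():
        if line.startswith("== "):
            pkg = line[3:].strip()
            verdicts[pkg] = "unsigned-or-unparsed"  # until a digest line is seen
            continue
        m = DIGEST_RE.match(line.strip())
        if m and pkg:
            if m.group(1) in KNOWN_PUBLIC:
                # Anyone can sign with this key, so it cannot identify the developer.
                verdicts[pkg] = "riskware"
            elif verdicts[pkg] != "riskware":
                verdicts[pkg] = "ok"
    return verdicts

if __name__ == "__main__":
    for package, verdict in scan(SAMPLE).items():
        print(f"{package}: {verdict}")
```
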