XDA Developers Android and Mobile Development Forum

Received a bunch of Lookout Detected Threats

mindfulness
#1
Junior Member - OP
Posts: 10
Join Date: Nov 2013

I'm running MOAR v6.0 MD4 (Android 4.1.2) on a Sprint GS3. I never received any alerts from Lookout before, but today it reported 15 riskware alerts:

com.android.phone
com.mythtrandyr.inkeffectsettings
com.lidroid.settings
com.sonyericsson.lockscreen.uxpnxt
com.jy.iconchanger.ad
de.robv.android.xposed.mods.appsettings
com.asushi.livewallpaper.mytree
com.monotype.android.font.XDAFONTS
com.android.launcher
de.robv.android.xposed.installer
com.android.flashblink
com.sec.android.mimage.photoretouching
com.koo.lightmanager
com.android.lmt
com.lidroid.sgs.secretcode

All have a classification of: Riskware.Android.CompromisedKey.a.

Should I be alarmed, or is this likely a problem with a definition update from Lookout?
 
mindfulness
#2
Junior Member - OP
Posts: 10
Join Date: Nov 2013
Great support from the Lookout guys, as I emailed them and they replied right away. Here's what they said. I should be okay:

The reason we have flagged this app as 'Riskware' is due to a special key that this particular developer used when publishing the app. The key is normally a private piece of information that we use to determine if an app is authentic, and to identify the developer. In this particular situation, the developer chose to use a key that has been widely distributed on the internet or has been compromised.

This makes it impossible for us to validate the app and its authenticity. Therefore, we are not calling these apps malware, but we recommend that users not install apps like this because it is inherently more risky (hence the "Riskware" assessment).

If you as a user understand the risk and still decide to trust the app, feel free to ignore the warning.

We have also been seeing some device manufacturer preinstalled apps being flagged as 'Riskware' for the same reason. These apps are unable to be uninstalled, and we ask that you please ignore the warning if it is an app that came preinstalled on the device. We have reached out to these developers to make the proper changes.

Thanks for using Lookout!

David,
The Lookout Team
 
worstenbrood
#3
Senior Member
Posts: 564
Join Date: May 2008

Quote:
Originally Posted by mindfulness
Great support from the Lookout guys, as I emailed them and they replied right away. Here's what they said. I should be okay:

The reason we have flagged this app as 'Riskware' is due to a special key that this particular developer used when publishing the app. The key is normally a private piece of information that we use to determine if an app is authentic, and to identify the developer. In this particular situation, the developer chose to use a key that has been widely distributed on the internet or has been compromised.

This makes it impossible for us to validate the app and its authenticity. Therefore, we are not calling these apps malware, but we recommend that users not install apps like this because it is inherently more risky (hence the "Riskware" assessment).

If you as a user understand the risk and still decide to trust the app, feel free to ignore the warning.

We have also been seeing some device manufacturer preinstalled apps being flagged as 'Riskware' for the same reason. These apps are unable to be uninstalled, and we ask that you please ignore the warning if it is an app that came preinstalled on the device. We have reached out to these developers to make the proper changes.

Thanks for using Lookout!

David,
The Lookout Team
What effect will this have on CM builds, because they are using publicly available keys (https://github.com/CyanogenMod/andro...oduct/security) to sign?
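
Added example, not part of the thread and not Lookout's code: one way to run the kind of check the quoted Lookout reply describes, comparing the signer certificate in an APK's JAR (v1) signature block against a set of SHA-256 fingerprints of publicly distributed keys. The function names, the fingerprint set and the sample APK are constructed for illustration, and the parser assumes DER-encoded PKCS#7 blocks.

```python
import hashlib, io, zipfile

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signer_certs(pkcs7):
    """Yield each DER certificate embedded in a PKCS#7 SignedData block."""
    _, p, _ = _tlv(pkcs7, 0)      # ContentInfo SEQUENCE
    _, _, p = _tlv(pkcs7, p)      # contentType OID, skipped
    _, p, _ = _tlv(pkcs7, p)      # [0] EXPLICIT wrapper
    _, p, end = _tlv(pkcs7, p)    # SignedData SEQUENCE
    while p < end:
        tag, start, stop = _tlv(pkcs7, p)
        if tag == 0xA0:           # [0] IMPLICIT certificates field
            while start < stop:
                _, _, nxt = _tlv(pkcs7, start)
                yield pkcs7[start:nxt]
                start = nxt
        p = stop

def flagged_signers(apk_bytes, known_public):
    """Map signature-block name -> SHA-256 fingerprint for signer certs in known_public."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                for cert in signer_certs(z.read(name)):
                    fp = hashlib.sha256(cert).hexdigest()  # lowercase hex
                    if fp in known_public:
                        hits[name] = fp
    return hits

def _der(tag, body):  # sample-building helper; short-form lengths only
    return bytes([tag, len(body)]) + body

def sample_apk():
    """Constructed APK-shaped zip holding a dummy certificate (not a real key)."""
    cert = _der(0x30, b"constructed-dummy-certificate")
    signed = _der(0x30, _der(0x02, b"\x01") + _der(0x31, b"") + _der(0x30, b"")
                  + _der(0xA0, cert) + _der(0x31, b""))
    pkcs7 = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010702")) + _der(0xA0, signed))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/CERT.RSA", pkcs7)
    return buf.getvalue(), hashlib.sha256(cert).hexdigest()
```

A match only shows that anyone holding the published private key could have produced the signature, which is why such apps are labelled riskware rather than malware.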