socket.io-client-java icon indicating copy to clipboard operation
socket.io-client-java copied to clipboard
verified publisher icon socketio

Virus alert

Open risharde opened this issue 11 months ago • 7 comments

Describe the bug Compiling my Android app with the following directives results in an APK that is detected as a trojan

To Reproduce

// Adding the following to build.gradle.kts will pull these libraries in, compile and output an APK that is detected as a trojan
implementation("io.socket:socket.io-client:2.1.1")
implementation("com.squareup.okhttp3:okhttp:4.12.0")


**Expected behavior**
Well I guess we shouldn't be getting this warning - I'm not exactly sure how this can be dealt with third party AVs
and perhaps also ensure a virus really isn't lurking in the above repos?

risharde avatar Feb 01 '25 06:02 risharde

@darrachequesne

risharde avatar Feb 02 '25 03:02 risharde

Hmmm interesting there's been no response Imagine if the repo does indeed have a virus in it how many people are using the library and have it out in the wild

risharde avatar Feb 11 '25 14:02 risharde

@Harsh5488

risharde avatar Feb 11 '25 14:02 risharde

Hi! Sorry for the delay.

Which system detects the trojan? When uploading your app to the store? Does the warning comes from this library, or from OkHttp?

darrachequesne avatar Feb 16 '25 22:02 darrachequesne

Hi @darrachequesne , glad to hear from you, that's the part I can't really tell off hand - I've avoided adding the libraries back since I'm working on a live app but it's those 2 since socketio requires the okttp according to what I saw on the socket io instructions. Apologies for not being able to compile either one to determine which it is - if you have time to explore, would appreciate it

When I build the apk, I tested it by uploading it to virustotal - actually this was originally discovered by a user who used the app and accused me of being a scammer due to the virus warning - can't say I blame him for thinking that after seeing the virustotal results - I was alarmed + surprised!

risharde avatar Feb 16 '25 22:02 risharde

@darrachequesne thanks for your patience, I got a chance to compile the app and virus total detects the issue even when socket.io is not included - so it's the implementation("com.squareup.okhttp3:okhttp:4.12.0") dependency which is causing the virus alert - I guess this is still a problem for socket.io since it depends on the library?

risharde avatar Feb 22 '25 05:02 risharde

To reproduce the issue create a new project in android studio and add implementation("io.socket:socket.io-client:2.1.0") Upload apk to Google drive and install from that link. The below error will appear. Its same with versions 2.0.0 and 2.1.2 { "error": { "code": 403, "message": "This file has been identified as malware or spam and cannot be downloaded", "errors": [ { "message": "This file has been identified as malware or spam and cannot be downloaded", "domain": "global", "reason": "abuse" } ] } }

atul109 avatar Jul 15 '25 15:07 atul109