"Virus" in OTA firmware Nokia 6 (5.22A)

Hello, HMD! Explain, please, presence virus in your firmware. Virus name: Android.HiddenAds.256 Location:

"Virus" in OTA firmware Nokia 6 (5.22A)

pavel rus pavel rus
 /  edited February 21
Hello, HMD!
Explain, please, presence virus in your firmware.
Virus name: Android.HiddenAds.256
Location: system/CDA/items/com.aptoide.partners.id3_store/com.aptoide.partners.id3_store.apk

Android Oreo 8.0.0
Nokia 6 TA-1021
00WW_5_22A

Comments

  • user389 user389
    ✭✭✭  /  edited February 13

    Last time the alert from 'Pirrat' in your Russian forum was a 'Suspicious file' false warning from 2 of 61 scan engines.


    Please send the file to virustotal.com and provide a link with the result?


    --
    Hans

  • user389
    I cant extract or delete this file from system area bcz phone is not rooted.
    Same problem here:

    https://forum.drweb.com/index.php?showtopic=329003
    Developer says tha isnt false warning
  • user389 user389
    ✭✭✭  / 

    Thanks Pavel,

    The Aptoide app is not installed on my Danish phone, so I hope your post get attention from others, who are able to analyze further.


    I expect Nokia make sure to provide a clean version, if the Android update comes with the Aptoide Store pre-installed ... but there is no guarantee if you got the APK from elsewhere?


    Are you facing any issues with the phone, or is it an alert you get after installing the Dr.Web anti-virus software?


    --
    Hans

  • Hans, this application detected in system area after: download OTA update, and then --> prepare installation. So, this build in OTA app.
    I hope we get an expain about that from HMD.
  • user389 user389
    ✭✭✭  / 

    Google distribute Over The Air updates for Nokia branded Android phones.

    Google acquired Virustotal in 2012, which soon becomes part of Alphabet (Google's) Chronicle Security company. More about this in the Virustotal blog ...


    Google of course scan all files they distribute, using all the tools and technology they have.


    Depending on phone variant (TA-????), mobile operator, and country, the firmware may come with a custom app store (and other local apps) which may use aptoide.com as backbone.

    In my opinion you trust the anti-virus program and a random person in their forum too much. It is incompetent to claim a virus just because it has aptoide in the .apk file name.


    I will never install any app that requires as many permissions as the Dr.Web anti-virus. VirusTotal Mobile (by FunnyCat) maybe, but only if had an old phone on Android 4 or 5 without security updates and without Play Protect, and I was forced to get apps from friends and unofficial places.
    Modern Android versions are only vulnerable to virus if rooted...


    Don't hold your breath while waiting for HMD to explain anything ;-)


    --
    Hans

  • Unknown
     /  edited February 23

    Hi,


    Application file name com.aptoide.partners.id3_store.apk included in our OTA version 5.22A is not a virus. ID3 Store apps is an application required for one of our local user package. Due to the OTA package is released worldwide for Nokia 6, this apps will be included but it is activated only in the market where it is required.


    Mike

  • Ritzar Ritzar
    ✭✭  / 

    Folks,


    The simple thought that HMD Nokia is to put a virus in a OTA SW package is, little to say, ridiculous. 

    C'mon people, this are Nokia phones after all.

    I do not know what antivirus our colleague Pavel is using, but just the name of the file coming with a SW update says it all.

    There are lots of android devices that have embedded files with content that is not being used, as some of them are made to work in specific environments by specific request. Do not forget that the devices are made to work worldwide.


  • pavel rus pavel rus
     / 
    My antivirus Dr.Web.
    Btw, why Nokia using 3-rd party software in pure Android? I dont wont to see that soft in this firmware
  • Ritzar Ritzar
    ✭✭  / 

    Pavel,


    What you should really do, in my humble opinion, is to contact the Dr.Web people and inform them that this is not a virus. You have a Moderator confirming this.

  • pavel rus pavel rus
     / 
    Ritzar, il read early drweb forum and seen developer answer - this is correct warning from antivirus
Sign In or Register to comment.