Virus alert

[risharde]

Describe the bug
Compiling my Android app with the following directives results in an APK that is detected as a trojan

To Reproduce

// Adding the following to build.gradle.kts will pull these libraries in, compile and output an APK that is detected as a trojan
implementation("io.socket:socket.io-client:2.1.1")
implementation("com.squareup.okhttp3:okhttp:4.12.0")

**Expected behavior**
Well I guess we shouldn't be getting this warning - I'm not exactly sure how this can be dealt with third party AVs
and perhaps also ensure a virus really isn't lurking in the above repos?

[risharde]

@darrachequesne

[risharde]

Hmmm interesting there's been no response
Imagine if the repo does indeed have a virus in it how many people are using the library and have it out in the wild

[risharde]

@Harsh5488

[darrachequesne]

Hi! Sorry for the delay.

Which system detects the trojan? When uploading your app to the store? Does the warning comes from this library, or from OkHttp?

[risharde]

Hi @darrachequesne , glad to hear from you, that's the part I can't really tell off hand - I've avoided adding the libraries back since I'm working on a live app but it's those 2 since socketio requires the okttp according to what I saw on the socket io instructions. Apologies for not being able to compile either one to determine which it is - if you have time to explore, would appreciate it

When I build the apk, I tested it by uploading it to virustotal - actually this was originally discovered by a user who used the app and accused me of being a scammer due to the virus warning - can't say I blame him for thinking that after seeing the virustotal results - I was alarmed + surprised!

[risharde]

@darrachequesne thanks for your patience, I got a chance to compile the app and virus total detects the issue even when socket.io is not included - so it's the implementation("com.squareup.okhttp3:okhttp:4.12.0") dependency which is causing the virus alert - I guess this is still a problem for socket.io since it depends on the library?