Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.
On affected devices, users were warned to immediately uninstall the Google app because it could secretly send SMS messages, download and install other apps, or steal their sensitive information.
Others saw a different alert, telling them that the Google app was a trojan that could provide remote access to their device and allow attackers to install malware and steal the users' data.
The false positive issue was reported by users on Google's support forum (Vivo post), on Reddit (Vivo thread), on Huawei's forum, and various other Android communities.
"This security notification was not triggered by Google Play Protect and appears to be from a device that is not Play Protect certified and does not have access to officially download Google's core apps from Play," a Google spokesperson told BleepingComputer.
"We recommend contacting the device manufacturer for further information. Google Play is the only app store where you can officially download Google's core apps for Android."
BleepingComputer also reached out to Huawei and Vivo, but we are yet to receive a response from the Chinese smartphone makers.
Avast antivirus SDK behind false positive
While Google couldn't pinpoint the security service or app that was triggering the false positive, Avast confirmed on Tuesday that its Android antivirus SDK was the one that mistakenly tagged the Google Quick Search Box app launcher as malware.
Avast said Huawei's Optimizer app showed the malware alerts on Huawei devices but didn't provide any details regarding affected Honor and Vivo devices.
"On October 29th, it was reported to Avast that its antivirus Software Development Kit (SDK) for Android was incorrectly flagging the Google Quick Search Box as malware on Huawei phones," the company said.
"This SDK delivers the antivirus component of Huawei's Optimizer app, a device management application that also provides clean-up and performance features."
The cybersecurity firm added that the issue only affected users outside China and was addressed on Monday, October 30.
"The issue affected Huawei customers outside of China only, and a small number of Honor and Vivo customers. A fix was implemented on October 30th which fully resolved the issue," Avast said.
Comments
mikebutash - 8 months ago
Google being classified as spyware? Heresy!
How can a company with "Don't be evil" in their charter ever do such a thing. Oh nevermind, that was removed years ago.
9587312878926 - 7 months ago
If I could upvote this I would, but I’ll just add a comment to show my support and increase visibility of this sentiment.
MagnusSkipton - 7 months ago
Finally. I've said Google is spyware and malware for years. When will people wake up?
NoneRain - 7 months ago
Everyone knows the "spyware" side of Google's services. It's no secret that they collect a ton of data, and they actually say that in their user agreement, but, would you mind explaining how they could be considered malware?
9587312878926 - 7 months ago
This resonates even more strongly if you are an Android user. Google’s playground that they can “patch” whatever they want (that’s just on the application level, don’t forget about the field of firmware versions they have).
Malware definition (Wiki):
Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy.
AutomaticJack - 7 months ago
When a corp gets big enough to sway gov policy there's usually incentives drawn out to benefit both entities "i'll scratch your back and you scratch mine".
In part why why human society and our planet is such a dumpster fire.
NoneRain - 7 months ago
And how exactly your comment relate with the article?
9587312878926 - 7 months ago
Because Google is becoming a monopoly and those who control information, controls the future? A little bit of critical thinking would help. Dont forget how Google makes its money.
six-h - 7 months ago
Huawei are pretending it never happened
Ladylee370 - 7 months ago
This has been happening to me too since last month. I use Huawei p30 lite. It flags Google play services as an Evo Gen type of virus. I spent a month without it after factory reseting it and disabling it. A week back I updated it and tried to ignore the warnings. That lasted 2 days until I got an email notification that I had requested a new login for Uber and I wasn't even using Uber. Now I can't disable Google play services as the option is greyed out and I can only force stop it. I'm ready to abandon Huawei for good. I swear.
electrolite - 7 months ago
Kudos to Avast's SDK but it did not go far enough. The whole smart phone stack is spyware, from Google's Android, to the hardware manufacturer to the cell carriers. It is a free for all.