Avast

Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.

On affected devices, users were warned to immediately uninstall the Google app because it could secretly send SMS messages, download and install other apps, or steal their sensitive information.

Others saw a different alert, telling them that the Google app was a trojan that could provide remote access to their device and allow attackers to install malware and steal the users' data.

The false positive issue was reported by users on Google's support forum (Vivo post), on Reddit (Vivo thread), on Huawei's forum, and various other Android communities.

"This security notification was not triggered by Google Play Protect and appears to be from a device that is not Play Protect certified and does not have access to officially download Google's core apps from Play," a Google spokesperson told BleepingComputer.

"We recommend contacting the device manufacturer for further information. Google Play is the only app store where you can officially download Google's core apps for Android."

BleepingComputer also reached out to Huawei and Vivo, but we are yet to receive a response from the Chinese smartphone makers.

Google app mistakenly flagged as malware
Google app mistakenly flagged as malware (BleepingComputer)

Avast antivirus SDK behind false positive

While Google couldn't pinpoint the security service or app that was triggering the false positive, Avast confirmed on Tuesday that its Android antivirus SDK was the one that mistakenly tagged the Google Quick Search Box app launcher as malware.

Avast said Huawei's Optimizer app showed the malware alerts on Huawei devices but didn't provide any details regarding affected Honor and Vivo devices.

"On October 29th, it was reported to Avast that its antivirus Software Development Kit (SDK) for Android was incorrectly flagging the Google Quick Search Box as malware on Huawei phones," the company said.

"This SDK delivers the antivirus component of Huawei's Optimizer app, a device management application that also provides clean-up and performance features."

The cybersecurity firm added that the issue only affected users outside China and was addressed on Monday, October 30.

"The issue affected Huawei customers outside of China only, and a small number of Honor and Vivo customers. A fix was implemented on October 30th which fully resolved the issue," Avast said.

Related Articles:

New Medusa malware variants target Android users in seven countries

Over 90 malicious Android apps with 5.5M installs found on Google Play

Android 15, Google Play Protect get new anti-malware and anti-fraud features

Finland warns of Android malware attacks breaching bank accounts

Rafel RAT targets outdated Android phones in ransomware attacks