Old version 11.0 contains virus? #30

Open
MathiasHabel opened this issue Jun 16, 2020 · 1 comment
Comments

@MathiasHabel

Hi,

The old version 11.0 contained a tool "cve-2019-2215" in assets/files/bin.aarch64, which VirusTotal recognizes as a trojan/virus: https://www.virustotal.com/gui/file/c37d7cc1ef250ef62240211fae775f964c2ac1c09c58594730425aec0fda04d8/detection.

In 11.3 this tool was dropped according to the git diff e8c454c#diff-39e7d8c00954e920b98e7636f0ac30b2R47

Is this a false positive? What did this tool do?

Thanks,

Mathias

@kwatkins
Contributor

kwatkins commented Dec 2, 2020

Ahh, this is the file that got me booted all over Google Play - everywhere, all apps, and blacklisted me for life. Doesn't matter that this is my profession, doesn't matter the revenue I've brought them, doesn't matter the security protection and countless malicious apps we've worked with and helped protect them on.

Simply put, this was a mistake; it got into the release. I was doing security research, and this was already-released proof-of-concept code in the public domain. As it needed to be compiled for ARM, it was basically easier to use the adbshellkit environment to compile it, which outputs the binary to assets/files/bin.aarch64 (where it then got automatically pulled into the release). It was my bad for not removing it before making another release of adbshellkit, that's for sure. It was in otherwise "dead" code; you'd have to know it was there, and it wasn't malicious. A user would have to manually run it, and maybe (although more than likely it wouldn't even) it would give the user elevated access to the mobile device (root).

So yes, more false positive, but it blackballed me for life on Google Play :(
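The failure described in the comment above is a build output directory that is packaged wholesale, so anything compiled into it ships. Below is an added example (not code from this issue or from adbshellkit) of the kind of release-time gate that catches that: every file under the bundled-binary directory is hashed and compared with a committed manifest, and any unlisted file, changed file, missing file, or file matching a known-bad hash fails the build. The directory layout, the manifest format and the sample files are assumptions constructed for the example; the one SHA-256 in the known-bad set is the hash cited in the issue.

```python
"""Release-time audit of bundled native binaries against a committed manifest.

Added example (not code from this issue or from adbshellkit). It assumes a
layout like assets/files/bin.aarch64/<tool> and a manifest mapping relative
path -> SHA-256. The sample files below are constructed stand-ins, not real
tools, and exist only to exercise each finding type.
"""
import hashlib
import tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"

# SHA-256 cited in the issue for the stray cve-2019-2215 binary in 11.0.
KNOWN_BAD = {
    "c37d7cc1ef250ef62240211fae775f964c2ac1c09c58594730425aec0fda04d8",
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_elf(path: Path) -> bool:
    with path.open("rb") as f:
        return f.read(4) == ELF_MAGIC


def audit_assets(asset_dir: Path, manifest: dict) -> list:
    """Return (kind, relative_path, is_elf) findings, sorted by path.

    kinds: known-bad      file hash is in KNOWN_BAD
           unlisted       file on disk but absent from the manifest
           hash-mismatch  listed file whose contents changed since the manifest
           missing        manifest entry with no file on disk
    """
    findings = []
    seen = set()
    for path in sorted(p for p in asset_dir.rglob("*") if p.is_file()):
        rel = path.relative_to(asset_dir).as_posix()
        seen.add(rel)
        digest = sha256_file(path)
        elf = is_elf(path)
        if digest in KNOWN_BAD:
            findings.append(("known-bad", rel, elf))
        elif rel not in manifest:
            findings.append(("unlisted", rel, elf))
        elif manifest[rel] != digest:
            findings.append(("hash-mismatch", rel, elf))
    for rel in manifest:
        if rel not in seen:
            findings.append(("missing", rel, False))
    return sorted(findings, key=lambda f: f[1])


def build_demo() -> list:
    """Constructed scenario: one good tool, one tampered file, one stray ELF."""
    root = Path(tempfile.mkdtemp())
    bindir = root / "assets" / "files" / "bin.aarch64"
    bindir.mkdir(parents=True)
    fake_elf = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9  # header-like bytes only
    (bindir / "busybox").write_bytes(fake_elf + b"stand-in busybox")
    (bindir / "README.txt").write_bytes(b"constructed sample\n")
    manifest = {
        "busybox": sha256_file(bindir / "busybox"),
        "README.txt": sha256_file(bindir / "README.txt"),
        "missing-tool": "0" * 64,  # listed but never shipped (assumed entry)
    }
    # A research artefact compiled into the output dir after the manifest was cut.
    (bindir / "cve-2019-2215").write_bytes(fake_elf + b"stand-in exploit stub")
    # A listed file edited after the manifest was cut.
    (bindir / "README.txt").write_bytes(b"modified after manifest\n")
    return audit_assets(bindir, manifest)


if __name__ == "__main__":
    import sys
    problems = build_demo()
    for kind, rel, elf in problems:
        print(f"{kind:14} {rel}{'  (ELF)' if elf else ''}")
    sys.exit(1 if problems else 0)
```

Run from CI with the real asset directory and the manifest checked into the repository; a non-zero exit blocks the release, so a binary that was "easier to compile here" cannot ride along unnoticed. The ELF flag matters because an unlisted text file is a nuisance while an unlisted native executable is the case this issue is about.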
