Android PUP Detections - Oh, Not That One Again!

Denis Konopiský 20 Nov 2012

Android PUP Detections - Oh, Not That One Again!

Potentially Unwanted Program – that’s what PUP stands for. You probably already had a chance to meet some PUPs on a Windows PC, but how does a PUP look on an Android phone? How will you know how to handle it? All of this will be explained here.

When a PUP alert attacks you, don’t panic.

For starters, it’s just a warning. It’s not a standard virus and, no, your life is not in danger. PUP detections were made to warn people when a suspicious component or ability is detected within the application.

Let’s say you downloaded an app that’s called “Christmas Carols” (don’t panic about that, either; it’s still a month and a half till Christmas) and a PUP warning hits you. The detection name reads “Android:SpyPhone-E [PUP]”. What should you do? Well, what I would do is to sing Silent Night to that app and wave goodbye while uninstalling it. Why? Well, it’s an app that’s supposed to play Christmas carols and not “SpyMyPhone” or whatever that PUP warning says.

Just so you know, in this particular case, this nice app would most probably record your voice when you’re rocking the Jingle Bells in wild style, thinking nobody hears you. The next day you might find yourself on YouTube with 8 million views. Or not. Anyway, it’s your decision to put yourself through this or not, so the next time you want to be a YouTube star, you’ll do it your way and not accidentally by SpyPhone.

That’s what PUP detection is here for, to let you know when something might not be exactly what you want or think it is.

 

However, there’s a second version to that story. There actually is an application called Spy Phone and yes, you’ll get the same warning when you try to install it. Why? Because this app is used for stealth image taking, video recording and… audio recording. The main difference between this app and the evil Christmas Carols one is that you’re downloading this app knowing that it will record you, or in this case, most probably someone else, because that’s what this app is for.

So, in this case, what I would do is hit "Ignore" and enjoy the potential of this app, for example recording a friend talking in his sleep, without him knowing it. Yes I could most probably do that with some regular app because, you know, he is asleep, but you know… Anyway, my point is that in this case it’s okay to use such an app after you get a PUP warning.

 

 

To wrap it up, this is what helped me decide:

  • Asking myself if the app I’m now installing might need to use more abilities than typical apps (i.e. Christmas Carols probably wouldn’t need anything, but Spy Phone most likely would – hence the words “spy,” “stealth,” etc.
  • Taking a look at the detection name and comparing it to the name of the app I’m installing. If the detection name is similar or even the same (e.g. detection: Android:SpyPhone-E, app: Spy Phone), it’s more than possible than this app is okay (if you know what you downloaded it for).
  • Hitting the “Info” button to find out more in “Privacy Info.”

In this case I was installing Radio, got an Android:SpyBubble-G [PUP] warning, checked out Privacy Info and found out that this app would track my GPS, send and read SMS messages, read contacts and other things that a Radio app most probably shouldn’t do. Also the detection name is nowhere close to the app name. I just wanted to listen to the radio, so this app goes away by hitting “Uninstall.

 

So, I hope you’re not afraid anymore. We all are just regular people and PUPs are just PUPs. There’s no rocket science behind it. There’s an option to switch off PUP detection in Settings, so if you feel like it, turn it off, but if you want my advice, keep it on. Keep it on even if you install only apps from Google Play Store. There's no place clean from PUPs and you can't be 100% sure that what you're trying to install is clean without having an antivirus on your smartphone.

 

If you don't have avast! Mobile Security, you can find out more on our website or you can go directly to Google Play Storeand install it.

 

Samples used in this article:

Sample: Spy Phone

SHA256: f44028370cea39fe8f4c9a3df59303263ec735ceb4188091200e027fdfb8649b

Sample: Radio

SHA256: fcea995c8ff797957d4ad88e010c02e6726e5332905fc1dcd55b4981e069cde5

Related articles

--> -->