mastodon - Link to source

We are receiving reports that Google flags our repo as "having dangerous apps" or being a "dangerous site" – texts being very vague, no proof given (nor did they inform us). They also link to a page they call "Transparency Report" – which is of the same vagueness, but definitely not transparent (transparencyreport.google.com/…)

We're not aware of any such dangerous content. All apps on our repo are properly scanned, see izzyondroid.org/about/security…

#IzzyOnDroid #serviceToot

Screenshot from Chrome browser, declaring IzzyOnDroid being a "Dangerous site"
screenshot from Chrome in the Android emulator (Pixel 6, API 34), claiming IzzyOnDroid containing "dangerous apps" "Attackers currently on apt.izzysoft.de could install dangerous apps…" 1) there are no attackers on that site, it's only us 2) we cannot install apps on your device, only you can 3) maybe we have some apps dangerous to Google's business model, but (to our knowledge) none dangerous to your device ;) 4) most of the apps here come from GitHub. I bet GitHub is flagged the same – not, because MS has lawyers we cannot afford…

Security - IzzyOnDroid

Security measures taken at IzzyOnDroid
izzyondroid.org
#serviceToot #izzyondroid
in reply to IzzyOnDroid ✅

mastodon - Link to source

IzzyOnDroid ✅

Google did not inform us. Especially did they not inform us WHICH pages/apps at IzzyOnDroid they consider "dangerous", or WHY. Nor did they give us any means to respond to that threat. It is sad that they are obviously unable to do so. It seems to be asking too much, expecting at least a mail to "webmaster@"…

Should you have any deeper insights, please let us know.

in reply to IzzyOnDroid ✅

mastodon - Link to source

iguana09863

You also need to check the izzyondroid APKs that are not compromised. If you look at the image where it says “relationship,” you will see that there are codes and numbers, and when you tap on those numbers, you will see the number of codes analyzed. Somewhere there should be files in red. The APK or page and repository are fine, but when you upload it to the internet, some APKs may be infected because there are people who copy them and infect them to steal data.
This entry was edited (1 day ago)
in reply to iguana09863

mastodon - Link to source

IzzyOnDroid ✅

@iguana09863 thanks, but there is no "relations" tab. And all our APKs are run through VirusTotal as well. Would one have been tampered with on-site, it would be overwritten on the next sync again.

And APKs do not get infected by copying them. If those malicious people copy them for such purpose, they usually modify them, too. Which would not only break the signature, but also lead to a different file hash. It's all FOSS, they could compile such APKs themselves.

@iguana09863
in reply to IzzyOnDroid ✅

mastodon - Link to source

iguana09863

I'm not saying that your website or repository is infected, it was just an example and I did it with a file from a Nintendo game that I have saved. The IP address of some files may be infected or the DNS, and Google may have thought it was a virus and it may be a false positive. This has happened to me with tools and PDF files, so I wanted to mention it. Anyway, here's a link to this website, it's on internext and it's a virus scanner similar to virustotal👇
internxt.com/virus-scanner

Internxt – Free Online File Virus Scanner

Free tool for scanning files for viruses and malware. Protect your personal documents, data, and hardware from online fraud with a quick and easy scan.
Internxt
in reply to IzzyOnDroid ✅

mastodon - Link to source

Copy Sent

I just tested this by going to apt.izzysoft.de/fdroid/ using the latest version of Chrome for mobile on Android and I don't see any warnings.
It may have been a (potentially anti-competitive) false positive that Google has since corrected. But I don't currently see the issue showing in the screenshots here at all

IzzyOnDroid F-Droid Repository

This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
IzzyOnDroid App Repo
in reply to IzzyOnDroid ✅

mastodon - Link to source

gkrnours

edge browser had a blog post explaining they had better performance than chrome, mosyly measured in battery drain on laptop, but youtube kept changing small thing that was invisible to most user but broke hardware playback on edge browser and software video playback consumed twice as much battery. After a time, they gave up, switched to using chrome rendering engine instead of their own issue stopped.

these scary message remind me of that

in reply to IzzyOnDroid ✅

mastodon - Link to source

IzzyOnDroid ✅

We've registered our site with the Google Console now to get details on the pretended infection. The screenshot below are what they call "full details" – a joke. Nothing applicable (apologies for the German screenshot, but I couldn't see a way to switch the language).

So we requested a re-check. They wanted to know how we solved the problems. All we could tell them is that we checked all details they had provided…

screenshot of the "full details" for the allegedly infected site: "not applicable" is all they say.
screenshot of our request for verification. Well, that's all the details _we_ can give.
in reply to Cassandrich

mastodon - Link to source

IzzyOnDroid ✅

@dalias Not sure it works that way here in Europe. But if there's a lawyer around who wants to pick this up that way, they're welcome.

We'd also welcome a fix and public apology from Google here, in a way making that lawyer "unneeded". Giving the missing details would be a start, I'd say. We're not exactly "bored" here, that we'd need a fight to have something to do…

@Cassandrich