Pre Launch report issue with Huawei Mate 9

Question

For several days now every time I release an APK I get a pre-launch report that it failed on Huawei Mate 9. The report doesn't say much, the log doesn't have any crashes in it. The only thing I can see that is odd is that it claims my app has a virus on the screenshots. I'm attaching what it shows. Since I know my app doesn't have a virus, I'm curious if anyone else is seeing that? The only big change in this release is that I added Unity ads.

Since my app has an intro screen, I think those buttons to ignore or uninstall are preventing the test software from progressing in my app.

Edit: A reply had suggested READ_PHONE_STATE was the issue but I just did a release without it and it didn't change anything, the warning is still there. And the app doesn't have SMS permissions either.

Edit: I should add that I went ahead and released this version, the app has had a few hundred thousand users try the new version and two Huawei users have mentioned the warning and one Oppo user, all from some built in protection, not something they installed.

Edit: Manifest permissions I request:

    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
    <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
    <uses-permission android:name="android.permission.CHANGE_WIFI_MULTICAST_STATE"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="com.android.vending.BILLING"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>

Edit: Huawei reps have said this to me: We have tested the app on Mate 9 device and other 2 models with Android 9.0, there is no such issue, it might be a problem with Android 7.0 system, so we suggested to guide the user to upgrade to Android 9.0 if they have this issue on their devices.

Edit: A user sent me a screenshot of a more detailed screen and it says clicker.fc is the detected virus. No idea what that is, googling for it hasn't helped. I've tried several virus scanners on my apk and haven't found any issues.

Edit: Turned out to be Unity ads. I managed to narrow down the exact release it happened on and then started testing new builds one by one on Firebase testlab and found the exact lines that caused it. Adding Unity ads on gradle does it every time.

Answer 1

There's no AndroidManifest.xml provided, therefore the answer is just a vague as the question.

Therefore, I'd assume, that:

b) you might be requesting any permission, which requires the application to be registered as the default handler for an Intent

Your app must ask to become a default handler before it requests the permissions associated with being that handler. For example, an app must request to become the default SMS handler before it requests the READ_SMS permission.

b) or it cannot find the privacy policy required for accessing sensitive information, alike PII (personally identifiable information). Unity ads also require a privacy policy. These Unity Ads are generally a little malicious, because of the UnityAdsCache ...which is used to download ads to the device for offline advertisement; alike image and video advertisements, which are +/- 30 seconds long (which may over time lead to certain performance degradation, when the internal storage is full to the brim). See reddit. However, a app's internal storage should still be accessible - but there the negative influence on performance is given - opposite to using external media, alike a SD card.

c) Another possible reason is, that it's a false positive - which could only be resolved by contacting Huawei - and they might be able to either tell you why - or update the signatures of their built-in antivirus app accordingly.

Answer 2

Reason

It is messages for protection against harmful apps in smartphones. it can be because of some ** dangerous permissions** like "Making Phone Calls" , "Sending SMS" or "Reading SMS". Some anti-virus programs mark such applications as potential virus threats from your device because of these dangerous permissions.

Solution

Try to disable the security popup:

Settings -> Google -> Security -> (Play Protect) And uncheck “Scan Device for Security threats”