1

I'm currently trying to publish my app on Huawei AppGallery. For in-app purchases the package name of the app has to end with ".huawei", so I added a flavor to the build.gradle as they suggested.

    flavorDimensions "default"
    productFlavors {
        google {
            dimension "default"
        }
        huawei {
            dimension "default"
            applicationIdSuffix ".huawei"
        }
    }

I was also able to publish my app, but updates are now getting rejected. The message is that there is malware inside.

I first thought it was a problem on their side when creating the APK from the app bundle, but then the message also appeared when using APK files. I then installed TotalAV and started scanning the APK files after the build. No matter what I changed, the ".huawei" build always had this message. I also tried to remove as many dependencies as possible, with no change. The google release APK has no problem! I also added another flavor with a different suffix, and this also had the malware. The only difference from the google build is the suffix to the applicationId.

I'm pretty sure this is only a false negative, but it would be nice to get rid of this message. Any help is appreciated :)

Rupert
  • I think you should contact App Gallery Connect support: https://developer.huawei.com/consumer/en/support/feedback/#/ – m0skit0 Aug 13 '20 at 09:49
  • I am already in contact with them, but to me it seems to be a problem with Android Studio, so I thought maybe someone already has a solution for that. – Rupert Aug 13 '20 at 11:57
  • Not really. The problem lies in the software checking for malware. The generated apk probably has some binary match with some known malware, this raises the false positive. As shirley answers below, you might want to change the encoding to try to avoid this false positive. – m0skit0 Aug 14 '20 at 08:54

2 Answers

0

The possible causes are as follows:

  1. To support multiple channels, you need to add the agconnect-services.json file to the flavor folder of only the Huawei channel and ensure that the AppGallery Connect plug-in version in the project is 1.2.1.301 or later (classpath 'com.huawei.agconnect:agcp:1.2.1.301'). If the plug-in version is earlier than 1.2.1.301, upgrade it to 1.2.1.301 or later. To obtain the latest AppGallery Connect plug-in version, please refer to Configuring Address Information for the AppGallery Connect SDK.
  2. Modify configuration files to adapt to multiple flavors.

Configure the gradle.properties file. Add the following configuration at the end of the file:

    org.gradle.jvmargs=-Dfile.encoding=UTF-8

  • Supporting Multiple Channels

If your project needs to support different app packages for different channels, the package name needs to vary depending on the channel. Change the package name in productFlavor in the build.gradle file under the app directory. If the same agconnect-services.json file is used for the two channels, the package name verification fails.

For more details, see docs.

Similar question: Different module file by flavor

zhangxaochen
0

I have now found the source of this problem. Some years ago I tested a feature that used device admin functionality. There was still an XML file present in the res folder. It looked like this:

    <device-admin xmlns:android="http://schemas.android.com/apk/res/android">
        <uses-policies>
            <limit-password />
            <watch-login />
            <reset-password />
            <force-lock />
            <wipe-data />
        </uses-policies>
    </device-admin>

I have now removed this file and the malware message is gone. But still strange that it only happened with the huawei build.

Rupert
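A check for the kind of leftover described in the answer above, as an added example that is not part of the original posts: it walks an Android project source tree for resource XML files whose root element is `<device-admin>`, lists the policies each one requests, and reports whether any manifest still references the file through `android.app.device_admin` meta-data. The function names, file names and sample tree are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def find_device_admin_policies(project_dir):
    """Map each <device-admin> resource file to its policies and manifest status."""
    project = Path(project_dir)
    # Resource names wired to a receiver through android.app.device_admin meta-data.
    referenced = set()
    for manifest in project.rglob("AndroidManifest.xml"):
        for meta in ET.parse(manifest).getroot().iter("meta-data"):
            if meta.get(ANDROID_NS + "name") == "android.app.device_admin":
                referenced.add(meta.get(ANDROID_NS + "resource", "").split("/")[-1])
    findings = {}
    for xml_file in sorted(project.rglob("res/xml*/*.xml")):
        try:
            root = ET.parse(xml_file).getroot()
        except ET.ParseError:
            continue  # skip files that are not well-formed XML
        if root.tag != "device-admin":
            continue
        policies = [p.tag for block in root.findall("uses-policies") for p in block]
        findings[xml_file.relative_to(project).as_posix()] = {
            "policies": policies,
            "referenced": xml_file.stem in referenced,
        }
    return findings

def build_sample(root):
    """Constructed sample: leftover policy file, manifest with no reference to it."""
    main = Path(root) / "app/src/main"
    (main / "res/xml").mkdir(parents=True)
    (main / "res/xml/device_admin.xml").write_text(
        '<device-admin xmlns:android="http://schemas.android.com/apk/res/android">'
        "<uses-policies><limit-password/><watch-login/><reset-password/>"
        "<force-lock/><wipe-data/></uses-policies></device-admin>")
    (main / "res/xml/backup_rules.xml").write_text("<full-backup-content/>")
    (main / "AndroidManifest.xml").write_text(
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
        "<application/></manifest>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, info in find_device_admin_policies(tmp).items():
            state = "referenced" if info["referenced"] else "orphaned"
            print(f"{path}: {state}, policies={info['policies']}")
```

An "orphaned" result is a policy file that still ships in the build's resources although no receiver uses it, which is the situation the answer describes.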