Czech cybersecurity company Avast recently confirmed that its antivirus software development kit (SDK) incorrectly flagged the Google Quick Search Box app launcher as malware on Huawei, Vivo, and Honor smartphones. Users reported that their antivirus software warned them about the Google app, indicating it could secretly send SMS messages, download and install other apps, or steal sensitive information.
Some users received alerts suggesting the Google app was a trojan, providing remote access to their devices for potential attackers to install malware and steal their data. Avast’s SDK, responsible for the false positive, only affected users outside of China and was resolved on October 30. The issue triggered reports from users on Google’s support forum, Reddit, and Huawei’s forum, among other Android communities. In response, Google stated that the false security notification was not triggered by Google Play Protect and appeared to originate from a device not certified by Play Protect.
Google recommended users contact their device manufacturers for further information, emphasizing that Google Play is the only official app store for downloading Google’s core apps on Android devices. Avast acknowledged its SDK was responsible for the false positive on Huawei devices. The SDK delivers the antivirus component of Huawei’s Optimizer app, which is a device management application with cleanup and performance features.
The issue affected Huawei customers outside of China and a small number of Honor and Vivo customers, with Avast implementing a fix on October 30 to resolve the problem.