Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app, warning that it is detected as the 'TrojanSMS-PA' malware.
In what appears to be a false positive, these security alerts warn that "immediate uninstallation is advised," as the app is now considered high risk, as shown by the alert below from one of BleepingComputer's devices.
When users click on the 'View Details' option, the alert warns that the app was detected secretly sending SMS messages.
"This app was detected sending SMS privately, enticing users to pay with adult content, downloading/installing apps privately, or stealing private information, which may cause property damage and privacy leakage," reads the security alert details.
"We recommend uninstalling it immediately."
This issue has been reported by many users on the Google support forums (Vivo post), Reddit (Vivo thread), the Huawei forums, and various other Android communities.
BleepingComputer contacted Google to determine if a recent app update might have caused the sudden uptick in malware warnings, but a spokesperson said Google Play Protect is not triggering the alert.
"This security notification was not triggered by Google Play Protect and appears to be from a device that is not Play Protect certified and does not have access to officially download Google's core apps from Play. We recommend contacting the device manufacturer for further information. Google Play is the only app store where you can officially download Google's core apps for Android. All Google apps go through the same rigorous testing as all other apps on Google Play. These tests are designed to ensure that apps are safe, secure, and meet Google's quality standards." - Google spokesperson.
BleepingComputer has independently verified that these alerts were shown on a Huawei device with Google's core apps pre-installed (released before the ban) and no side-loaded apps.
Hence, Google's explanation does not accurately reflect the types of Android devices impacted by these alerts.
BleepingComputer confirmed that these alerts are being shown by the 'Huawei Optimizer' app on Huawei devices. However, it is unclear what apps are displaying the alerts for Vivo or Honor phones.
If you have not side-loaded the Google app on your Huawei, Vivo, or Honor phone, it should be safe to ignore the warning and keep it running.
Furthermore, while it is most likely these alerts are false positives, there has been no official comment from the device makers confirming this.
A proposed solution for disabling the "false alarm" is to go to Settings > Apps > Optimizer > App Info > Storage > Clear Cache / Clear Data and then reboot your device.
If that doesn't work, try to uninstall and reinstall the Huawei Optimizer app.
This action should refresh its outdated signature database, eliminating the incorrect false positive warnings.
BleepingComputer also contacted Huawei and Vivo for a comment, but we have yet to receive a response from the Chinese smartphone makers.
Comments
Riyaaz - 8 months ago
Thank you for this article, I got this exact same issue today after doing my updates. :-)
Buggerlugs223 - 8 months ago
I've had this too from optimiser on my Honor 8x, you can't uninstall or disable the optimiser app. It appears the CCP is doing this deliberately due to a legal dispute with google. It may also be because rolling back to the google app that comes with you're phone pre-installed gives them a possible access point to hack into you're phone. The silence from both google and Huawei on this issue is deafening.
Riyaaz - 8 months ago
I did the work around as suggested and it seemed to have worked. I was able to update the Google app after the clear cache/data and a reboot of course. :-)
h_b_s - 8 months ago
Google isn't being silent about it. They said "talk to Huawei" which is what you should expect them to say. Google doesn't support Huawei's customers, and they don't really support Huawei themselves any more. (Not that Google supports Pixel customers either on any practical level.) Basically, don't use Chinese company phones if you want reliable access to GAPPS. Sucks for people that bought them before the ban, but it's hard to have sympathy here. This comes across as those stupid banners on American cable TV providers and broadcasting station websites screaming about "XYZ is cutting off your access to 'quality' entertainment from MNO broadcast group. ACT NOW!"
Dominique1 - 8 months ago
Of course, GOOGLE is a threat, but we won't know it until we're hit. LOL!!!
nowintel - 8 months ago
Nice article, super strange and undoubtedly alarming for users.
MagnusSkipton - 8 months ago
Hilarious, I've been saying Google is spyware and malware for years.
Riyaaz - 8 months ago
It's Avast!
https://www.bleepingcomputer.com/news/security/avast-confirms-it-tagged-google-app-as-malware-on-android-phones/