Huawei

Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app, warning that it is detected as the 'TrojanSMS-PA' malware.

In what appears to be a false positive, these security alerts warn that "immediate uninstallation is advised," as the app is now considered high risk, as shown by the alert below from one of BleepingComputer's devices.

Warning bubble on a Huawei device
Warning bubble on a Huawei device
Source: BleepingComputer

When users click on the 'View Details' option, the alert warns that the app was detected secretly sending SMS messages.

"This app was detected sending SMS privately, enticing users to pay with adult content, downloading/installing apps privately, or stealing private information, which may cause property damage and privacy leakage," reads the security alert details.

"We recommend uninstalling it immediately."

This issue has been reported by many users on the Google support forums (Vivo post), Reddit (Vivo thread), the Huawei forums, and various other Android communities.

BleepingComputer contacted Google to determine if a recent app update might have caused the sudden uptick in malware warnings, but a spokesperson said Google Play Protect is not triggering the alert.

"This security notification was not triggered by Google Play Protect and appears to be from a device that is not Play Protect certified and does not have access to officially download Google's core apps from Play. We recommend contacting the device manufacturer for further information. Google Play is the only app store where you can officially download Google's core apps for Android. All Google apps go through the same rigorous testing as all other apps on Google Play. These tests are designed to ensure that apps are safe, secure, and meet Google's quality standards." - Google spokesperson.

BleepingComputer has independently verified that these alerts were shown on a Huawei device with Google's core apps pre-installed (released before the ban) and no side-loaded apps. 

Hence, Google's explanation does not accurately reflect the types of Android devices impacted by these alerts.

BleepingComputer confirmed that these alerts are being shown by the 'Huawei Optimizer' app on Huawei devices. However, it is unclear what apps are displaying the alerts for Vivo or Honor phones.

If you have not side-loaded the Google app on your Huawei, Vivo, or Honor phone, it should be safe to ignore the warning and keep it running.

Furthermore, while it is most likely these alerts are false positives, there has been no official comment from the device makers confirming this.

A proposed solution for disabling the "false alarm" is to go to Settings > Apps > Optimizer > App Info > Storage > Clear Cache / Clear Data and then reboot your device.

If that doesn't work, try to uninstall and reinstall the Huawei Optimizer app.

This action should refresh its outdated signature database, eliminating the incorrect false positive warnings.

BleepingComputer also contacted Huawei and Vivo for a comment, but we have yet to receive a response from the Chinese smartphone makers.

Related Articles:

Google Pixel 6 series phones bricked after factory reset

New Medusa malware variants target Android users in seven countries

Over 90 malicious Android apps with 5.5M installs found on Google Play

Android 15, Google Play Protect get new anti-malware and anti-fraud features

Rafel RAT targets outdated Android phones in ransomware attacks