According to Joe Sandbox Analysis:
Latest fdroid gets verdict. MAL:
Verdict: MAL Score: 48/100 Classification: mal48.troj.evad.andAPK@0/251@1/0
Is it safe to install or is this something to worry about?
If you open the report you see that it thinks it contains malware because:
- “Found Tor Address” this is because F-Droid comes with two repositories configured, one of them is from The Guardian Project, the people that distribute the Tor Browser and other apps on Android and one of their mirrors is an .onion address
- “Removes its application launcher (likely to stay hidden)” F-Droid uses that for the panic button
There’s nothing else that is even remotely worrying, the other points come from things that shouldn’t be marked as dangerous like sending UDP packets, using non standard TCP ports or Bluetooth (these things are for sharing your local repository over WiFi or Bluetooth) and a couple of other very obvious permissions needed for installing apps.
That sandbox is greatly overreacting to things almost all Android apps do or require for normal functionality like connecting to the internet or running on boot.
Thanks for the very good explanation!
Apart from the fancy headline I see no reason to agree with the proposed suggestion. The linked site gives no evidence for it’s very sparse info.
Until then I leave you with the thought of Betteridge’s law https://en.wikipedia.org/wiki/Betteridge’s_law_of_headlines