Hypatia (Android Anti-Malware)

Continuing the discussion from GitHub:


Where is the discussion on this? I mean, I think this shouldn’t be just pushed to the website without the forum thread. I actually do not think this is quite recommendable at all. […] Also, this app doesn’t stop you from being infected at all, and the chance that it will notify you about it in my eyes is exceptionally low. […] I understand the need of this app for DivestOS as it does not have Google Play, but for others I do not see much benefit TBH.

  1. AFAICT this provides a similar level of protection as Google Play Protect does, without relying on Google services which aren’t always available.
  2. Google Play Protect wouldn’t provide this protection while sandboxed (e.g. on GrapheneOS)
  3. I don’t think Google Play Protect scans downloaded APKs at all (yet), which is the main use-case for this app IMO.

Spyware like this can only be well detected with pattern-based behaviour analysis. Once hashes of known things are out, you are far too late, and things like Google Play Protect.

  1. Doing this type of analysis is outside the scope of all the tools we’re looking at anyways.

The app is just a hash check AFAIK, the user interface is completely impossible to understand for a general user.

  1. My understanding is that the main use for this app is more for real-time scanning of downloads and less for on-demand scanning, in which case the in-app UI is less critical.

cc @ph00lt0

Also my Android phone is currently broken, so I haven’t tested usability, which is why the PR hasn’t been merged yet anyways (waiting for either my phone to work or for another team member to test).

Seems less friction and integrated into ecosystem.

But how does this compare to sending the APK to VirusTotal?

I think this was recently introduced, no?

Sort of, I guess. I mean Gplay will scan unknown apps on Google’s side and thus contribute if malicious patterns are found. So in that sense it probably would respond quicker, at least it has the potential to stop widely spread malware quicker.

It can’t remove the app for you, but neither would Hypatia, so I don’t think there is a difference on that level.

Agreeing with the other points although the app is a bit janky and feels not so robust and you need to manually enable real-time scanning.

Hence “yet,” but still limited to Play-enabled devices.


Locked as completed