Malware Threat Mitigation
Malwarelytics for Android provides several threat mitigation options in case a harmful app is detected on the device:
- Killing the app that is integrating Malwarelytics
- Uninstalling the harmful app that has been detected
Due to some Android operating system limitations, uninstalling a harmful app might not always be possible; in certain situations, the system does not allow this. Furthermore, aggressive malware with extensive permissions might be able to protect itself and thwart any uninstallation attempts.
Triggering Mitigations
When the app wants to call a mitigation directly, it has to do so via MitigationManager.
Killing the App
The app can be killed immediately by calling:
val mitigationManager = antivirus.getMitigationManager()
mitigationManager.killApplication()
Uninstalling Other Apps
The app can also make a request to uninstall another app, identified by its package name (application ID):
mitigationManager.uninstallApplication(context, packageName)
However, no callback with the outcome of the uninstall process is provided in this case.
If information about the outcome is required, the uninstallation request has to be made in a slightly more complicated manner, due to Android OS limitations. Only an Activity or a Fragment can be used to make the request as they can receive a callback via the onActivityResult() method that is available in both of them.
The uninstall can be triggered in an activity like this:
mitigationManager.uninstallApplicationWithActivityCallback(activity, packageName, requestCode)
Alternatively, use a fragment (only AndroidX fragment is supported):
mitigationManager.uninstallApplicationWithFragmentCallback(fragment, packageName, requestCode)
Override the onActivityResult() system callback implementation so that the activity/fragment can receive the result via this callback. The requestCode obtained must be matched with the requestCode that was passed to the uninstall request.
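The callback handling described above, as an added example that is not taken from the Malwarelytics documentation or SDK: the activity matches the requestCode and then confirms with the package manager whether the package is really gone, since an uninstall might not succeed. UninstallVerifyingActivity, launchUninstall(), onUninstallVerified() and REQUEST_UNINSTALL are hypothetical names, and the check assumes the app can see the target package.

```kotlin
import android.app.Activity
import android.content.Intent
import android.content.pm.PackageManager
import android.util.Log

// Added example. UninstallVerifyingActivity, launchUninstall(), onUninstallVerified()
// and REQUEST_UNINSTALL are hypothetical names, not part of the SDK.
abstract class UninstallVerifyingActivity : Activity() {

    // Package currently awaiting an uninstall result, or null if none is pending.
    private var pendingPackage: String? = null

    // Implement with the call shown on this page:
    //   mitigationManager.uninstallApplicationWithActivityCallback(this, packageName, requestCode)
    protected abstract fun launchUninstall(packageName: String, requestCode: Int)

    // Receives the verified outcome: removed is true when the package is gone.
    protected abstract fun onUninstallVerified(packageName: String, removed: Boolean)

    fun requestUninstall(packageName: String) {
        pendingPackage = packageName
        launchUninstall(packageName, REQUEST_UNINSTALL)
    }

    override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
        super.onActivityResult(requestCode, resultCode, data)
        // Ignore results that belong to other requests made by this activity.
        if (requestCode != REQUEST_UNINSTALL) return
        val pkg = pendingPackage ?: return
        pendingPackage = null
        // Do not rely on resultCode alone: confirm against the package manager,
        // because the uninstall may have been cancelled or blocked.
        val removed = !isInstalled(pkg)
        Log.i(TAG, "Uninstall of $pkg: resultCode=$resultCode removed=$removed")
        onUninstallVerified(pkg, removed)
    }

    // Assumes the app has visibility of the target package (Android 11+ package
    // visibility rules); otherwise an installed package can look absent here.
    private fun isInstalled(pkg: String): Boolean = try {
        packageManager.getPackageInfo(pkg, 0)
        true
    } catch (e: PackageManager.NameNotFoundException) {
        false
    }

    companion object {
        private const val TAG = "UninstallVerify"
        private const val REQUEST_UNINSTALL = 4201 // constructed value
    }
}
```

The pending package name is held only in memory here, so an activity that can be recreated while the uninstall dialog is open should also persist it in its saved instance state.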