How do I add file/folder/app exclusions on the Android app? I've looked everywhere on the app.

I probably missed it somewhere but without the option, the program will be useless for me. Thanks for your help

Answers

  • Hello @LilB281 and welcome to the Community!

    Bitdefender Mobile Security scans all installed applications and .apk files. There are a few system paths that are not scanned, such as:

    1. System applications

    2. Applications installed in those locations cannot be uninstalled anyway.

    Mobile Security will make sure that the Android device stays clean by automatically scanning any application immediately after its install. So, it will no longer scan those apps that have been scanned before or that have not been altered in any way. The only scanning option on Android is to scan the storage or not, and this is enabled by default. You can adjust the Scan Storage option from the Settings menu. However, it won't scan system applications. Apart from this, there isn't any option to exclude files, folders or apps from the scanning process.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • @Alexandru_BD, while this is true, I may have to step in and broadly make a query on this. Since you have already answered, but there are certain situations when an external app is installed that the user does not want to scan and wants to keep as an exception, but there is no option for that.

    One such exception may not be a good practice, but many people use modded versions of applications to access premium features without paying. While this can sometimes be risky, users still want to keep these apps as exceptions.

    For example, on my other device, I try to download modded versions of apps to check them against Bitdefender if it detects them as malicious or if there is any code change. Sometimes Bitdefender detects it as Android.Riskware.TestKey, and sometimes it does not detect anything. But regardless of what Bitdefender does, I do not want it to detect this file in the future. Because if it does and I do not uninstall that particular app, Bitdefender will always warn me, which can be a headache for some users.

    @agozob, can you also provide some insight here? Additionally, can you also briefly explain the detection Android.Riskware.TestKey? Is it a detection created by malware researchers or is it a cloud-based detection, or what exactly is it? To me, it seems like a machine learning detection, as we have the engine of Bitdefender Theta on VirusTotal, which is a kind of machine learning engine for other types of OS malware. That being said, machine learning cannot be integrated in Android in my opinion, but then I think, why is the detection showing up under the Bitdefender Falx engine on VirusTotal since VirusTotal under Bitdefender Falx only shows detections created by malware researchers? So, is it the detection created by malware researchers? I am getting a little confused here.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Interesting point of view @Flexx.

    Let's see if @agozob joins the chat 😄

    Premium Security & Bitdefender Endpoint Security Tools user

  • agozob
    agozob BD Staff

    Hello,

    There is no option to exclude a certain path or app from detection in Bitdefender Mobile Security and it is unfortunately not a priority for us to implement such a feature. This is mostly because the detected threats are not automatically removed on Android (like they are on Windows for instance) so they can simply be ignored. Even though it might seem simple, it would take quite a bit of effort to implement this functionality and people very rarely manifested the need for it. It makes much more sense for us to focus on what makes a difference for the majority of our users.

    @Flexx, Android.Riskware.TestKey is a generic detection which is applied to APKs signed with some publicly available certificates that can be used by anyone to sign an app (e.g. the default certificate included with Android Studio). Although the fact that an APK was signed with a test key does not imply that it's maliciously intended (hence the Riskware detection and not Trojan), it should be considered a red flag. Some malware developers sign their apps with test certificates to hide their identity and avoid certificate based detection. We generally discourage using those apps and think it's best for the average user to be informed about them. As a side note, Google forbids publishing applications signed with test keys on the Play Store.

  • And furthermore, I have observed the testkey detection in modded apps since they modify the built-in codes or files of the original APK and then include their own certificate, correct?

    Secondly, can something be done, such as if a user receives a malware or any type of risk warning, then that user can choose to ignore the warning so that the notification does not appear in the drop-down menu? It can be hidden through notification settings on Android, but that would also hide the main notification saying 'you are protected.' Can an ignore feature be included to disregard the warning in real-time or at the time of scanning until another scan is run by the user in the future? This could be an alternative to the exclusion feature.

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • agozob
    agozob BD Staff

    Yes, using any certificate other than the ones generated by the original developer indicates that the app has been tampered with (not necessary with the code but maybe resources, such as images). This is true especially if the app is signed with a test key.

    My team and I do not deal with UX but I'll run your feature proposal by those who do :)

  • Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • Thank you @agozob for your input and valuable insights! 😉👍️

    Premium Security & Bitdefender Endpoint Security Tools user

  • How do I uninstall a rooted os or gain admin access to my windows 11 I have no control over any of my devices anymore and seems like the more I mess with settings they just find a way to re-route my command and mark it as (true or false) to make me think I successfully did something about it.... I'm not savvy at all but everything I mean EVERY PAGE SITE SETTING mentions EU. I don't live in the EU...

  • TheSingular
    edited May 2

    I would like to ask for this feature too since that red shield would just bug me whenever I see it, where can I provide feedback?

  • Flexx
    Flexx mod

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • TheSingular
    edited May 2