Whitelists are lists that contain data about applications which should not be flagged as malware.
There are two types of whitelist:
Installation Source Based
Dynamic Package Name Based
You can omit a whitelist if you don't want to use it.
An installation source whitelist contains a list of installation sources (package names) which are considered trustworthy.
We use installation source during two checks:
standalone installation source check - any application that is installed from a source that is not whitelisted will be returned as suspicious in the scan result with the reason value set as installSource
suspicious permissions check - as mentioned in Suspicious Permissions list, while checking permissions, we also check the installation source to reduce false positives. The logic is the same as in the standalone installation source check, any application installed from a source that is not whitelisted will be considered as installed from an untrusted source.
When checking installation source, we filter out system applications to reduce the amount of false positives
com.android.vending Package name of Google Play Store
com.huawei.appmarket Package name of Huawei App Gallery
com.google.android.packageinstaller Package name of the Package Installer system app, which is responsible for managing the installation of applications on Android devices. Applications installed manually using an APK file will usually have this package name as their installation source.
unknown
Some applications might have their installation source set as null
. This is considered as the installation source unknown.
This can be true for some system apps or for apps installed through ADB. During development, your applications will fall into this category.
We recommend that you whitelist the com.android.vending to not consider all applications installed from Google Play as suspicious. Make sure to whitelist also com.huawei.appmarket if you do not want to have the applications from this store flagged as well.
The dynamic package name whitelist contains package names that are considered safe and will be ignored in the scan results.
This list is dynamic, meaning you can add to it before, during, or after a scan. This is useful for handling local false positives, allowing users or the integrating application to whitelist less-known but trusted applications.
The whitelist is cleared whenever a new configuration is applied (i.e. when any blacklist is changed).