openstore-team team mailing list archive

Thread
Date

Re: Thank you for your app submission

To: Hosein Ghanbari <hosein.iprogramer@xxxxxxxxx>
From: Michael Zanetti <michael.zanetti@xxxxxxxxxxxxx>
Date: Tue, 13 Dec 2016 19:51:19 +0100
Cc: "openstore-team@xxxxxxxxxxxxxxxxxxx" <openstore-team@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <EBBB6820-9A5F-4F04-BA11-CB220657EE58@yahoo.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1


On 13.12.2016 18:41, Hosein Ghanbari wrote:
> Hi
> 
>> upstartusersession.chahn it was a false detection and after double
>> check it was removed scan team.(scan team says because it's not
>> opensource)

Thanks for pointing this out. This was a mistake on my end. I forgot to
add the link to the source archive. I've fixed this now.


> Sommergram.jdev is malicious because it's send user data to a third
> party server and developer not declared why ? 

I would feel better if the antivirus app would also provide a
description on why an app has been classified as malicious. However,
that's just feedback, I would not block its submission based on that...

Br,
Michael

>>  
> 
> Sent from my iPad
> 
> On Dec 13, 2016, at 8:40 PM, Michael Zanetti
> <michael.zanetti@xxxxxxxxxxxxx <mailto:michael.zanetti@xxxxxxxxxxxxx>>
> wrote:
> 
>> Hi Hosein,
>>
>> may I ask for the reason why you think sommergram.jdev is malicious?
>> Also, when I read through the code it was also blacklisting
>> upstartusersession.chahn in a fallback path but that seems to be gone
>> now. Was that just for testing and an accidental commit, or did you have
>> reason to assume upstartusersession.chahn would be malicious too?
>>
>> In general I'm a bit worried about the approach to blacklist other
>> people's apps on your discretion only. Seems there's some potential for
>> abuse there. Can you elaborate on the process on how you determine if an
>> app is malicious or not?
>>
>> Br,
>> Michael
>>
>> On 13.12.2016 17:27, ‪hosein ghanbari‬ ‪ wrote:
>>> Hi Brian
>>> thank you for app review.
>>> this address "http://80.82.69.185/click.list"; is my online malicious
>>> click list for antivirus database , better app scan and less update.
>>> also i think when you reviewed app my sever was in os reinstall process
>>> and now link is responsible.
>>>
>>> screenshots attached.
>>>
>>> thanks.
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Brian Douglass <bhdouglass@xxxxxxxxx
>>> <mailto:bhdouglass@xxxxxxxxx>>
>>> *To:* hosein.iprogramer@xxxxxxxxx <mailto:hosein.iprogramer@xxxxxxxxx>
>>> *Cc:* openstore-team@xxxxxxxxxxxxxxxxxxx
>>> <mailto:openstore-team@xxxxxxxxxxxxxxxxxxx>
>>> *Sent:* Tuesday, 13 December 2016, 9:41:01
>>> *Subject:* Thank you for your app submission
>>>
>>> Hi Hosein,
>>>
>>> Thank you for your app submission. We have reviewed it and can move
>>> forward with including it in the OpenStore. There was one thing I was
>>> curious about, what is this this ip: http://80.82.69.185/click.list ?
>>> When I go to this site it just gives me a default apaache2 page. Can you
>>> give us some insight here?
>>>
>>> Also, could you resend the images in your last email? For some reason I
>>> didn't get the last email.
>>> Brian
>>>
>>>
>>

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: Thank you for your app submission
From: Hosein Ghanbari, 2016-12-13

References

Thank you for your app submission
From: Brian Douglass, 2016-12-13
Re: Thank you for your app submission
From: ‪hosein ghanbari‬ ‪, 2016-12-13
Re: Thank you for your app submission
From: Michael Zanetti, 2016-12-13
Re: Thank you for your app submission
From: Hosein Ghanbari, 2016-12-13