Source: worked on something similar a long time ago

Likely hash based scanning like most virus scanners. It will have a set of signatures for various types of malware (keyloggers, local DNS servers, etc), and looks through the apk (which is just a zip file) for things it knows are bad like financial malware added to the app.

Their process for adding signatures to their database and how they label them is fully opaque and completely up to them, like any other antivirus company. So they could incorrectly label things intentionally and you’d have no way to know.

given your device is now compromised you should probably get a new one unless you trust android is able to fully remove the app. Because some financial malware will intercept 2fa sms from your bank.

You’re forgetting the part where they had an option to disable this fuckery, and then proceeded to move it twice - exposing containers to everyone by default.

I had to clean up compromised services twice because of it.

Your readline config sucks because the default sucks.

Add this to your .inputrc:

"\e[A": history-search-backward
"\e[B": history-search-forward

real men write their code one bit at a time with a laser pointer and a fiber optic network cable

Or you could just use zig which is better at compiling C than C (the second it supports the espressif chips I’m never touching C again)

Many cloud providers (the cheap ones in particular) will put patches on top of the base distro, so sometimes root always gets a password. Even for Ubuntu.

There are ways around this, like proper cloud-init support, but not exactly beginner friendly.