7 Replies Latest reply: Sep 11, 2013 12:24 AM by dtbullock RSS

    McAfee All Access detects threat on Android smartphone: CloudAgent.  False positive?


      I have a Galaxy 4S and McAfee All Access.


      McAfee is currently reporting:


      CloudAgent  - High threat risk - Your app is a Trojan and it can:

      - Tracks your device's battery status

      - Tracks when you use Wi-Fi and data networks

      - May access your device's battery status


      McAfee All Access offers to remove this application.  However, it is not able to - it says "Uninstallation unsuccessful" when pressing the "Remove" button.  Indeed, in Android's 'Application Manager', CloudAgent only appears under the 'All' tab, and it is only possible to 'Disable' it where the 'Uninstall' button should be.


      I suspect that, while McAfee's assessment may be heurisitcally correct, CouldAgent is in actually a part of the phone's firmware.


      At the direction of McAfee's useless technical support for All Access, I already upgraded the phone's firmware from:   PDA:MDE / PHONE:MD8 / CSC:MD8 (TEL)

      to: PDA:MG4 / PHONE:MG1 / CSC:MGA (TEL).   While this did increment the version number of the CloudAgent 'trojan', it did not cause McAffee to stop classifying CloudAgent as a Trojan in scans.


      So, what's the story?  Is this:


      a) a false positive;

      b) a true positive, which indicates:

           i) that my phone firmware is non-stock;

          ii) that my phone firmware is stock, but that it has a genuine security flaw which should be corrected?