Google Play Protect is flagging certain versions of Vanced Manager
Google recently cracked down on Vanced, one of the most popular YouTube app alternatives for Android, and sent its developers a cease and desist order. As a result, the developers took Vanced offline, forcing users to look for other YouTube Vanced alternatives. But that doesn’t seem to be the end of the Vanced saga.
Since current versions of Vanced continue to work, some users still have the app installed on their devices. Along with the main Vanced app, users also have the companion Vanced Manager app on their phones. Recent reports on Reddit and Twitter reveal that Google Play Protect has now started flagging the Vanced Manager app as “harmful,” prompting users to uninstall it. This has raised questions about the legitimacy of the Play Protect warning, as the service previously did not flag the Vanced Manager app.
Although Google hasn’t offered an official statement on why Play Protect is suddenly targeting the Vanced Manager app, Esper‘s Mishaal Rahman speculates that it could be due to the fact that Vanced Manager can use root access to install apps.
According to this page: https://t.co/JiZzF73WNV
the string “this app tries to bypass Android’s security protections” for the following PHA categories:
-Elevated privilege abuse
Vanced Manager can use root to install apps, so I can see why it’d be flagged.
— Mishaal Rahman (@MishaalRahman) March 29, 2022
As you can see in the attached screenshot, the Uninstall prompt specifies that Vanced Manager “tries to bypass Android’s security protections.” This warning message corresponds to the ‘Elevated privilege abuse’ and ‘Rooting’ categories defined in Google’s official Play Protect warning strings for malware and mobile unwanted software (MUwS) documentation.
But that doesn’t explain why Play Protect only targets certain versions of the Vanced Manager app. Testing indicates that the Play Protect warning only pops up for Vanced Manager v2.6.0, which is an older release. Users who have the latest version (v2.6.2) installed on their devices do not get the same warning. Vanced’s developers have also commented that they do not know why only one version of the app is affected, and we’re left scratching our heads too.
From the git diffs that I checked, the only difference was between 2.6.0 and 2.6.1. Latter introduced BusyBox usage in root shells, but that’s just it. In 2.6.2 we reverted the change completely as it was proved broken in some OEM ROMs. I might be missing something though.
— Xinto (@X1nto) March 29, 2022
It’s worth mentioning that while you can’t download Vanced Manager from its official website any longer, you can still get it from trusted sources like APKMirror and then install other Vanced apps from within. In addition, Play Protect doesn’t seem to flag Vanced Manager v2.6.0 for all users. I installed the APK on two of my devices and while I got the warning on my Pixel 4a, I did not get one on my Galaxy S22 Ultra even after scanning manually.