Since traced relies on the context of a detection in its calculation of the “most likely app(s)”, it is possible for this deduction to be incorrect. This is where you come in, the user, to verify the deduction based on your knowledge of the event.
Firstly, double check the event information. Although the “most likely app” prediction can sometimes be incorrect, the event itself is very accurate (e.g. what happened). It may be that there’s an evasive, nasty app lurking in the background on your device. If you see one, head to the app analysis section of the app in question where you can uninstall it, revoke its permissions or kill its background processes.
Why might the “most likely app” be wrong?
We take every measure to improve the accuracy of our predictions at traced and we take false positives seriously. As traced is a third party app on your device (not a System/Root app), the amount of contextual information available is limited by Android for security reasons; this can result in incorrect predictions of “most likely app”. As a result of this, the “most likely app” deduction should never be considered as an absolute conviction, but a useful indicator of possible compromise on your device.
What if the “most likely app” is wrong?
If you suspect the event/app prediction to be incorrect, you can take one of the following measures to respond appropriately:
- If there is a single incorrect event, simply scroll to the bottom of the event and select “SUPPRESS” and allow traced to continue running in the background.
- If an app is incorrectly showing as high risk due to a number of false positives, you may want to clear the data on your device so that your app can start it’s self learning from scratch. You can do this within the in app settings page by selecting “Clear All Data”. WARNING: this will delete all historic event and app data from traced.
- You may also wish to selectively disable certain types of events: if a particular event type is creating too much noise, if a particular event type is resulting in incorrect detections, or, to selectively investigate certain behaviour.