AfWall 4.0.2 F-Droid build flagged as malicious

Hi folks!

The F-Droid build of AfWall 4.0.2 made 5 engines on VirusTotal go crazy:

virustotal.com

VirusTotal

VirusTotal

The build directly from github was fine on the other hand.

The developer of AfWall suspected a false positive because of gcc static compiled binaries and released a new version with NDK binaries. But he had no explanation for why his build didn’t trigger any engines, while the F-Droid build did. More context here:

github.com/ukanth/afwall

[ISSUE] 4.0.2 F-Droid - virus ?

opened 05:34PM - 25 Feb 26 UTC

closed 06:14AM - 01 Mar 26 UTC

      cayenne17
    

Critical

https://www.virustotal.com/gui/file/69b70b8da4c891ce7b194dea7d9abff6bea1e35d674f…9dbccb272f44eee7b493?nocache=1

There was no issue with 4.0.1 and 4.0.3 from F-Droid, by the way.

Anyone with more expertise than me care to investigate? Is it possible that the build process from F-Droid got compromised?