If you enjoy music on your phone using the Spotify app, chances are that the anti-malware application on your device will detect it as a malware if it happened to be an ESET Mobile Security Antivirus app. However, there is nothing to worry, and you actually don't need to get rid of Spotify as the alert has been confirmed to be a false positive.
Marcos, an administrator on the ESET forums, has responded to multiple queries about the issue, confirming this. Additionally, Marcos has also assured that a new definition update will rectify this error and has apologized for the inconvenience caused to users. He writes:
It's a false positive. A new update is being prepared which will address it. We apologize for the inconvenience.
The false positive is alerting users of Spotify being a Trojan dropper, as you can see in the image below. The issue was brought to our notice by Nick H., who is a supervisor on our Neowin forums. The latest ESET definition module version 25622 is affected by the bug. Therefore, one of the future updates should resolve the issue.
For those wondering, a Trojan dropper, as the name suggests, is used to deliver additional malware, generally trojans, on to a potential victim's phone or PC. Hence, it is pretty deadly and should be immediately removed in cases where you don't expect them to be false positives.
Thanks for the tip, Nick H.!