Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Norton warning that SMS Backup is a surveillance app #1057

Open
DaleLacey opened this issue Mar 12, 2021 · 7 comments
Open

Norton warning that SMS Backup is a surveillance app #1057

DaleLacey opened this issue Mar 12, 2021 · 7 comments
Labels
awaiting response awaiting response from reporter

Comments

@DaleLacey
Copy link

Today (13Mar2021) Norton started warning that SMS Backup is a surveillance app. Using a Samsung S20+. SMS Backup has been installed for years.
@kurahaupo
Copy link
Collaborator

@DaleLacey Thanks,

... and geeze ... does Norton actually hire any people to look at Open Source apps?

That said, if one installs apps from 3rd-party websites (not PlayStore or F-Droid) then there's a small chance that the binaries don't match the source code.

Just checking: where did you install from?

@kurahaupo kurahaupo added the awaiting response awaiting response from reporter label Jan 1, 2022
@kurahaupo
Copy link
Collaborator

@DaleLacey is Norton still claiming this?

@DaleLacey
Copy link
Author

Just checked and it's reporting "malware detected" and saying "malware is dangerous and should be removed".

@jberkel
Copy link
Owner

jberkel commented Jan 2, 2022

I've had some reports by users which had SMS Backup+ installed without their knowledge (by a partner etc.), to spy on them. There were even feature requests to hide the app icon. Perhaps this is the source of the malware classification.

@MrUzagi
Copy link

MrUzagi commented Jan 2, 2022
edited
Loading

I know it's hardly possible to sway a company like Norton, but I must say it feels odd to classify something as dangerous malware simply because it has been used that way. Anything used the wrong way could potentially be dangerous for someone.
</ rant >

@DaleLacey
Copy link
Author

"Just checking: where did you install from?"

@kurahaupo : I don't actually remember where I got SMS from, but presumably from Google's "Play store" (bloody hell, what a name!). I don't think I've ever sideloaded anything. I'm not a technical person and wouldn't be able to evaluate the risks.

@kurahaupo
Copy link
Collaborator

@jberkel Can we do something to make it harder to install surreptitiously?

Perhaps periodically insert a reminder message into the SMS inbox, announcing which mailserver it's dropping messages into, especially if it's not the primary Gmail account of the device?

A less nagging version would be to insert a reminder message only after an SMS is sent or received, and only if the previous reminder (if any) has been deleted.

Even better, keep replacing the message until at least one message has been read but not deleted for a week.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting response awaiting response from reporter
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jberkel @kurahaupo @MrUzagi @DaleLacey