search

jberkel / sms-backup-plus

Backup Android SMS, MMS and call log to Gmail / Gcal / IMAP
https://play.google.com/store/apps/details?id=com.zegoggles.smssync
Apache License 2.0
1.79k stars 497 forks source link

Norton warning that SMS Backup is a surveillance app #1057

Open DaleLacey opened 3 years ago

DaleLacey commented 3 years ago

Today (13Mar2021) Norton started warning that SMS Backup is a surveillance app. Using a Samsung S20+. SMS Backup has been installed for years.

kurahaupo commented 3 years ago

@DaleLacey Thanks,

... and geeze ... does Norton actually hire any people to look at Open Source apps?

That said, if one installs apps from 3rd-party websites (not PlayStore or F-Droid) then there's a small chance that the binaries don't match the source code.

Just checking: where did you install from?

kurahaupo commented 2 years ago

@DaleLacey is Norton still claiming this?

DaleLacey commented 2 years ago

Just checked and it's reporting "malware detected" and saying "malware is dangerous and should be removed".

jberkel commented 2 years ago

I've had some reports by users which had SMS Backup+ installed without their knowledge (by a partner etc.), to spy on them. There were even feature requests to hide the app icon. Perhaps this is the source of the malware classification.

MrUzagi commented 2 years ago

I know it's hardly possible to sway a company like Norton, but I must say it feels odd to classify something as dangerous malware simply because it has been used that way. Anything used the wrong way could potentially be dangerous for someone. </ rant >

DaleLacey commented 2 years ago

"Just checking: where did you install from?"

@kurahaupo : I don't actually remember where I got SMS from, but presumably from Google's "Play store" (bloody hell, what a name!). I don't think I've ever sideloaded anything. I'm not a technical person and wouldn't be able to evaluate the risks.

kurahaupo commented 2 years ago

@jberkel Can we do something to make it harder to install surreptitiously?

Perhaps periodically insert a reminder message into the SMS inbox, announcing which mailserver it's dropping messages into, especially if it's not the primary Gmail account of the device?

A less nagging version would be to insert a reminder message only after an SMS is sent or received, and only if the previous reminder (if any) has been deleted.

Even better, keep replacing the message until at least one message has been read but not deleted for a week.