• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

High and medium risk false positives

It appears that the Android mobile security app is detecting a large number of high and medium risk apps. Several of these are being picked up due to a high background data usage or high battery use. Some examples are Kindle, subway, weather channel, Google drive, amongst others. I realize i can hit trust on some of these but the list keeps changing every few days. The other surprising piece is that apps such as PayPal and Hulu constantly come up as high risk due to privacy data they share such as sim card data. Talking with both companies, they claim my data is safe. Wondering if the Norton app is too sensitive? Not always a bad thing but in this case, having 15 reputable apps on the high and medium risk list might border on paranoia.

Replies

Kudos0

Re: High and medium risk false positives

I have brought this to Norton's attention. They are looking into it. I'll Post back if I hear anything.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: High and medium risk false positives

I get the same thing. I click on an app (google earth) you say there is no threat to install, then once it's installed i get messages saying 'vulnerable'. Well? Which one is it? It can not be both!
Kudos0

Re: High and medium risk false positives

What details are given for the app being vulnerable?

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: High and medium risk false positives

Here are screenshots of 3 apps. All have been tagged as high risk by Norton - 2 of them just for having high background data usage. Hope this helps.
File Attachment: 
Kudos1 Stats

Re: High and medium risk false positives

These are not false positives as such. It seems the latest update seems to be more sensitive/aggressive in flagging apps. They are only flagging that the issues noted might not be acceptable to you. And with this information, you choose whether or not you want to allow the app on your device.

The high background data usage could be a game stopper if a user has only a limited data plan with expensive overage charges.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: High and medium risk false positives

That's what I thought first as well. But as I looked at it more, I saw that Norton App Advisor is actually telling me that my "device is at risk". It's right there on the opening screen in the app (and it can be scary the first time :)) It so happens that all my apps in there are due to a similar reason (high data use) but what would happen if I were to inadvertently install something that was actually malicious. I might completely ignore Norton App Advisor since it has been flagging apps only for data usage. Imho, those 2 things cannot be mixed into one bucket as it defeats the purpose of Norton. Those apps are not a threat to security but only to my pocket, in a situation where my data plan is terrible. Instead, it would be just fine to have a category where the apps are not malicious but have a high data usage. I can then choose to take action accordingly. And leave the "risk" category to apps that I must take action on immediately. I appreciate the dialog on this.
Kudos1 Stats

Re: High and medium risk false positives

App adviser does not scan for malicious behavior. It just looks for the permissions required by the the app and allows you to choose whether you are comfortable allowing the app to do what it asks. ie The background data usage, the sim data access, access to contacts, etc.

Malware detection is done after the app is downloaded by the Anti Virus feature of the app.

Things happen. Export/Backup your Identity Safe data.
Kudos2 Stats

Re: High and medium risk false positives

Hi from the product team, thanks for the great insight. This is very valuable feedback. We are always looking to improve our product and this helps us greatly. We will look to improve the product based on your feedback. 

Finally, one confusing that I'll quickly point out. We have different technology for both malware and other things like greyware (like privacy risks). We probably didn't describe it clearly but in App Advisor for Google Play, we combine these things for ease of use. However, within the app, we do call things out separately. Different people have different levels of paranoia so we leave the choice up to you. For items that just hit your pocket, you can "trust" the app so as not to have it red flag you every time you open the app.

Kudos0

Re: High and medium risk false positives

Glad to hear Symantec chime in! I wanted to add that I would love the option to globally disable certain things checked by app advisor, such as background data usage or cpu/memory/battery usage. Having to explicitly tell it to trust each app for these issues that I don't care about really just gets in my way. I'd like to be able to customize app advisor to only report stuff I actually do care about -- privacy and security -- rather than annoy me with what are to me spammy notifications. Thanks!

Kudos0

Re: High and medium risk false positives

What bothers me the most about the App Advisor is that even though the device has been scanned dozens of times, apps will be added to "untrusted" even though they have not been updated, therefore data usage, privacy settings, permissions, etc. have not changed.

So, what is happening here? Were these apps not previously scanned even though I can see entries in the Activity Log stating "Malware scan ran due to LiveUpdate" and "Malware scan ran due to schedule" as well as the notifications that updated apps were scanned?

_________________Do the voices in my head bother you?
Kudos1 Stats

Re: High and medium risk false positives

If the App Advisor definitions were updated, they may have incorrectly changed the detection values for your apps. Recently there have been some apps reported as medium or high risk that were not flagged in the past.

You can report false positive indications here https://submit.symantec.com/false_positive/  Be sure you note that you are seeing this on a mobile device. 

In the mean time, if you are absolutely sure there has been no change to your apps, you can trust the app and stop the warnings.

Things happen. Export/Backup your Identity Safe data.
Kudos0

Re: High and medium risk false positives

Hi Telebears,  I saw this post and wanted to follow-up.  I just installed Norton and my Spotify app is showing up as high risk.  I installed it from Playstore just a few days ago.  Is this a false positive?

Kudos0

Re: High and medium risk false positives

jhenry1014

Are you seeing the same things noted in the posts above? What feature is being noted as the high risk? If it is Data usage, it is like what has been posted above by myself and by @telebears. You are given this message as a warning that the app may use a lot of data, which could cost you extra money if you are on a limited cell data plan. If this is all that is being warned about, you can decide if you have enough data limit, or if you only use wifi, you can just trust the app.

Things happen. Export/Backup your Identity Safe data.

This thread is closed from further comment. Please visit the forum to start a new thread.