Solved.
Kudos0

Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Yesterday, I installed an Update (Version 8.4.0) to my Norton Password Manager on my NOT ROOTED T-Mobile OnePlus 6T smartphone on Android 11.  This morning when I accessed the app, I got this message:

Norton Password Manager

X  Security Risks Found

60 days remaining to resolve potential security risks on this device.

More  Details


Security Risks Found

Norton Password Manager identified potential security risks on this device. To help keep your sensitive information secure, we recommend that you contact your carrier or retailer's service to have the device restored. You have 60 days to resolve these security risks before support for this device ends. You can still access your vault from other devices.

Learn More

Close


Norton, my OnePlus 6T IS NOT repeat IS NOT rooted.  It has never been rooted.  Your update 8.4.0 BROKE IT, so I would appreciate it if you would please fix it.

(Modifying/altering a customer's phone via an "update," then telling that customer to "contact your carrier or retailer's service to have the device restored" (aka We're sorry we broke your phone--now, you fix it),  does not seem to me to be a "friendly" or appropriate way to do business.  Furthermore, Norton Password Manager will not permit me to take a screen shot of the error.  The "Steps" are simple enough--I updated the app through Google Play--that's all I did!  And now it tells me my phone is ROOTED, BUT IT ISN'T!  Obvious conclusion--THE UPDATE DOESN'T WORK RIGHT.  Please, fix the update.)

Accepted Solution
Kudos1 Stats

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

We have analyzed the issue you are facing and it appears that the T-Mobile variant of the OnePlus Android OS has left behind some properties that are supposed to be in the non-prod build of OS. This may potentially cause security risks to sensitive apps like Norton Password Manager.

We understand how important Norton Password Manager is to you and we want to assure you that we take the safety of your data very seriously. This is an important decision that we need to make in order to mitigate any potential risks to the data stored in your password manager app.

We appreciate your understanding and patience in this. we suggest that you check with T-Mobile/OnePlus for more information on this issue.

Replies

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Something does not sound right here, besides the messages you are seeing. Norton Password Manager should not be scanning for vulnerabilities. That would be the job of Norton 360. 

Are any of the phone's features still working?

Have you restarted the phone after getting these messages?

Do you have any other device that you can use to take a picture of the message? 

EDIT

Does the message show up in a browser window? If so, it might be a scam message from a malicious ad on a web page you are viewing.

I just installed that update on an older Samsung Tab A on Android 9 and have not seen any messages like you are seeing. 

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Peterweb, having a really hard time uploading the pics.  I keep getting blank pages after hitting "Save."  When I come back, nothing has posted!  I'll keep trying.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Those two images are what I see in the Norton Password Manager (NPM) app for Android.  This is awful, because my device (a OnePlus 6T from T-Mobile) IS NOT ROOTED, nor has it EVER been rooted.  The warning from NPM just isn't right!  And it seems like awful "customer service" for Norton to pass out an "update" to NPM that effectively ruins the app for me, and they expect me to go and "fix it" myself!  It's just wrong, and NOT the kind of great "customer service" I've come to expect from Norton.

I have 5 other pictures showing what I see when I press "Learn More," but I'll try and post a link, so you can read it yourself.  It just makes zero sense to me--my phone is not rooted.  ☹️  Here's what I see when I press "Learn More."

support.norton.com/sp/en/us/norton-identity-safe/current/solutions/v20230207091900323?inid=sso_idss_support_rooteddevice&ssdcat=310&helpid=rooteddevice&displang=iso3%3aeng&displocale=iso3%3ausa

Peterweb - Also, please show this screenshot I made from my Norton 360 app (also on my phone), which clearly shows that my T-Mobile OnePlus 6T IS NOT ROOTED.  Something must be wrong with NPM.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

I am inclined to suggest uninstalling NPM, restart the device, and then reinstall NPM and test. 

Checking the specs for your device, it looks like it uses a proprietary version of Android, the OxygenOS. It could be something in the proprietary changes that the new version of NPM is taking exception to, thinking it has been rooted.

If a reinstall does not help, I'll escalate this thread to get the right team looking at this issue.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Peterweb, I tried as you suggested, uninstalling and reinstalling.  No luck, totally unusable, it won't even open, just a message saying it won't work on this device.  Please elevate, and thanks again for your efforts.

Kudos1 Stats

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Have you checked to see if there is any issue with your 360 app?

I'll escalate this NPM issue anyway.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Hello Peterweb, yes, I've run a scan, done a LiveUpdate, etc, and seen no messages about incompatibility, rooting, or anything else that would indicate a problem with Norton 360.  That was another thing which initially made no sense to me--why both Norton apps wouldn't be giving me the same message about "rooting?"  So, now I'm wondering, is that something else that's "coming down the pike?"  Is Norton going to ruin Norton 360 Mobile for my OnePlus 6T, too??  Again, this whole "rooting issue" just stinks, especially for someone like me, whose only experience with "rooting" has been pulling up weeds...  Thanks again again, Peterweb; your effort is appreciated.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

While waiting for a response from Norton, you might also post the issue with the device's manufacturer's support/forum. Maybe some other apps are displaying similar messages.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Peterweb, thank you, I just did that moments ago (to OnePlus).  Their website says they will "usually" respond within 48 hours (we'll just see about that).  They sent me an email including a Case Number.  Following is what I requested (to keep you and the NPM Devs in the loop):  "My phone is a OnePlus 6T, Android 11, Build ONEPLUS A6013_34_211123, Locked. Norton Password Manager v8.4.0.3010 shows msg, "Norton Password Manager identified potential security risks on this device. This device is no longer supported. To continue using our service on this device, we recommend that you contact your carrier (T-Mobile) or retailer's service to have the device restored. Norton Password Manager app does not work on Android rooted devices." MY PHONE IS NOT ROOTED--PLEASE RESOLVE".  I submitted the request to them at approx 4:11 PM CDT 5/20/2023.  I'll advise when I hear back, and Thanks again.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Peterweb, an update. OnePlus replied and wants me to do a hard reset on my phone. I regularly backup my data on the Google server, but I'm doing another backup right now, just to be sure everything's okay. As you know, backups have a habit of not FULLY restoring everything, so I'll also be busy restoring purchased apps (eg, RadarScope), looking at quite a few settings, etc, so it's going to take the better part of this afternoon (I'm old and slow, remember?). One of the key features I'm going to need to restore is (surprise, surprise) Norton Password Manager (NPM). Depending on how Google restores apps to the phone, I will TRY to make NPM the first app restored, so I can check to see where "Your phone is rooted" shows up, if it does at all.  If in fact it is a third-party app causing the problem, I think it's important to have a "clean" phone, to see how NPM behaves when apps are restored "one at a time."  That process, if I can even do it, is gonna be PAINFULLY slow. I'll only update if and when "Your phone is rooted" shows up. If I'm successful in restoring EVERYTHING as it was, and get no root issue, I'll update then too. Again, please remember--I have never rooted this phone (I don't even know how rooting is done). Therefore if root was done, it must be (I'm assuming) a third-party app that did it. Cheers for now. PS Did I mention what a pain in the * this is??

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Peterweb, second update. T-Mobile advised to utilize the Root Checker app from the Google Play Store to check my device for root. Root Checker showed no root (see screenshots), also, remember that earlier, Norton 360 even shows "No rooted device detected." T-Mobile therefore determined that the fault must be with the NPM app--a "false positive" type glitch. So, I then replied to OnePlus AND PasswordManager@nortonlifelock, that T-Mobile's assessment is there must be a "false positive" by NPM. I also told them I would not do a hard reset, since "no root" would be a non-causative factor in this case. (Note: In my reply, I brought up this Forum and your name as a moderator, just so nortonlifelock could see what actions had been taken to this point--I hope you don't mind that I did that.) I hope to hear back from PasswordManager@nortonlifelock on this--I am assuming that is the "team" you escalated this to? Thank you again!

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Depending on how Google restores apps to the phone, I will TRY to make NPM the first app restored, so I can check to see where "Your phone is rooted" shows up, if it does at all.

Just an FYI. It would be better to just install your apps directly from the Google Play Store app. That way it would eliminate the possibility that a bad app got backed up to your Google backup.

And thanks for the promotion to moderator, but I am just a lowly guru who volunteers my time to try to help others with my experience with Norton products.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Peterweb, hi.  I apologize for my mistake about your status, I always assumed you were a mod.  Well...as long as you aren't...let me just say I think you should be, since you do a great job.  (2,502 solutions?  That's a bunch!)    Also, I should have made it clear at the start, that to the best of my memory all my phone's apps have been installed through the Google Play Store.  Two notable exceptions may be Norton 360 and NPM, which if I'm not mistaken, were installed via links when I purchased the Norton 360 Deluxe product.  Even my banking/financial apps and Veterans Administration apps were downloaded through Google Play Store, so there should be no problems with any of the apps.  (It just seems that whenever I need to restore a device, some random app "goes missing."  I don't know why...I just know I have never experienced a "perfect" restoration from Google backup with any device.)  Thanks again.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Dear OmoOmo,

We apologize for the inconvenience you have experienced with Norton Password Manager. We would like to request that you install the “RootBeer Sample” app from Google Play here https://play.google.com/store/apps/details?id=com.scottyab.rootbeer.sample on your device and share a screenshot of the results with us. This will help us better understand the issue and assist you in resolving it. Thank you for your patience and cooperation.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Hello Dinesh, here is the result, if I used it correctly--I pressed the padlock symbol, and I am assuming it "did what it was supposed to do."  What in the world is "Dangerous Props"?  There is nothing "dangerous" on my phone at all, to my knowledge.  Is this a "false positive?"  Awaiting your guidance and thanks again.  PS - OnePlus wants a response from me within 3 days, or they'll close their case on their end.  I am writing them a short email, asking them to leave it open for the time being, while Norton investigates further.

Kudos1 Stats

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Thanks for sharing the Screenshot. This helped us understand the issue better. We have found reports of similar issue impacting other apps with the T-Mobile variant of the OnePlus Android 11 OS in some forums.
https://community.oneplus.com/thread/1523131

We will analyze the impact of this dangerous prop and try to find ways to avoid this, we will get back to you with more information.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Hello Dinesh, private message sent to you.  I really look forward to your guidance, and hopefully, a good solution to this problem.  I definitely miss the use of my Norton Password Manager, very very much!  Thank you, and have a good day!

Accepted Solution
Kudos1 Stats

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

We have analyzed the issue you are facing and it appears that the T-Mobile variant of the OnePlus Android OS has left behind some properties that are supposed to be in the non-prod build of OS. This may potentially cause security risks to sensitive apps like Norton Password Manager.

We understand how important Norton Password Manager is to you and we want to assure you that we take the safety of your data very seriously. This is an important decision that we need to make in order to mitigate any potential risks to the data stored in your password manager app.

We appreciate your understanding and patience in this. we suggest that you check with T-Mobile/OnePlus for more information on this issue.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Dinesh, thank you.  Pending conversation with my local T-Mobile Store, I will hold off marking this as the solution for now.  Frankly, I'm not confident a "local store" will have the ability to do much; but perhaps they can forward my concerns to someone in T-Mobile who can develop a remedy for the issue.  I'll have to "wait and see," but I will let you know as soon as possible.  Thanks again to both you and Peterweb for your efforts with this problem.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

I am seeing the same issue on my Samsung S22. I purchased the phone myself so it is not running any mobile suppliers version of Android.

It is telling me that I have 47 days to resolve the issue.

I have verified that the device has not been rooted.

The phone is using Android Version 13.

Please advise.

Fergal 

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Did you run the app suggested by @dinesh_babu in this post above? What was the result?

FYI. Samsung does use a proprietary version of the android OS, which has often caused incompatibilities and strange behaviours with apps, including Norton.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

I give up and I am uninstalling Norton Password Manager from my T-Mobile branded OnePlus 6T.  It just seems to me that the companies involved in "developing and/or breaking the app" on my phone just don't want to (or can't) work with one another to get it fixed, and there's nothing I can do about that.  Sorry, but SOMEONE (I don't know who) ruined Norton Password Manager's functionality with my phone, and I can't investigate the problem any further.  I'm basically in no position to determine, "who broke what and why."  (Thanks to Peterweb and Dinesh for their work.  But I want to add that what was suggested to me on T-Mobile's Community board by someone--that the OnePlus 6T has reached its end of life--is no more than a cookie-cutter comment, meant to placate branded 6T owners.  That app SHOULD WORK but it DOESN'TShame on whomever fouled it up.)

Kudos1 Stats

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Sorry you got caught in the proprietary OS app conflicts. 

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

"...proprietary OS app conflicts."  Seems more like, "stealthily-engineered obsolescence" (aka "incompatibility obsolescence")...    (And as long as I can possibly avoid it, I will NEVER buy a "branded device" again.  These comments weren't meant as a dig on you, Peterweb...thank you again, for trying to help.)

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

I've run the tool and attached a pdf of the screenshot. It is showing "SE linux Flag is Enabled" as the cause for being labelled as rooted.

Please advise.

Fergal 

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

I've run the tool and attached a pdf of the screenshot. It is showing "SE linux Flag is Enabled" as the cause for being labelled as rooted.

Let's see if @dinesh_babu can look into your result.  This could be a Samsung proprietary Android version causing this.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Sorry, one last thing.  I request a "favor" from Norton re: Norton Password Manager (NPM) for Android.  If Norton does develop a compatible version of NPM for T-Mobile branded devices, could Norton please post that on the Community Norton Password Manager Forum?  (I realize it is likely the NPM Developers will never create a "compatible version" of the app.  However, because I can no longer use NPM on my device, I will not know if a compatible version IS developed (since I'm not updating the app via Google Play.)  Again, thanks for your help.  At least Norton 360 for Android is still working on my phone, for now.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

As you say, it is not likely Norton would have the resources to produce a version of NPM specifically for one manufacturer's devices. All the additional diagnosing the proprietary OS code, coding for that specific OS, and testing that the changes for that OS did not mess up the app for all the other devices using a standard Android OS would just not be a good business model.

It would be more for the users to watch for the next update from the device manufacturer and then try installing NPM again and testing.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Peterweb, that was my feeling as well; but I was curious about the possibility.  You touched on that, so thanks very much.  In terms of security, given the likelihood of the older app version being compromised by an "bad actor" (I would expect that likelihood to be fairly small), do you suppose I could use a previous NPM version's APK in place of the current one (eg, from Apkpure; I see that Apkpure has a "relatively good" reputation acc. to NordVPN).

Lastly, do you know if Norton 360 will detect malicious or re-engineered APKs?  I see they have versions 8.4.0 (17 May 2023), 8.3.0 (7 Mar 2023), 8.2.2 (16 Feb 2023) available for download.  Since the app stopped working about a month ago, I am guessing the appropriate one for me would be 8.3.0.  That version would at least offer the latest security patch(s) at the time it was released, but also avoid the conflict from whatever "proprietary code" caused the new one to fail.  (Of course, it obviously goes without saying, that installing an old APK would be done "at my own risk.")

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Instead of using an APK that you cannot be 100% sure is safe, and that you have to reduce the built in Android protection of only using the Google Play Store, you could look into using another password manager. There may even be one already on your device..

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Peterweb, thanks again.  I believe that if I did have one before I subscribed to N360, I undoubtedly uninstalled it after installing NPM.  I'll probably just go without on my phone; besides, having NPM on my two laptops already is more than enough "bother" for me...    Take care.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Hi, I haven't had a response since attaching the screenshot on the 4th. I what timeframe can I expect an official reply? I checked the app again today and it is still showing the same issue with 45 days now remaining to solve the issue.

Please advise.

Thanks,

Fergal

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

fbutler:

Hi, I haven't had a response since attaching the screenshot on the 4th. I what timeframe can I expect an official reply? I checked the app again today and it is still showing the same issue with 45 days now remaining to solve the issue.

Please advise.

Thanks,

Fergal

As noted earlier, this is an issue with a proprietary version of the Android OS. The changes that the manufacturer makes often conflict with apps, including Norton. It is usually not possible to code for those changes while maintaining compatibility with all other devices that use the original Android OS.

Have you contacted Samsung Support to see what they have to say about the findings of the root checker app?

I have escalated your post again to try to get you an official reply from Norton.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

No, i haven't contacted Samsung as the only issue I am having is with the Norton App which I am paying Norton for as part of my Norton subscription. From my perspective it is up to Norton to address any issues with their rooted device detection algorithms when such occurences are flagged to them. If that means Norton need to address the issue with Samsung then I expect Norton to raise the issue with Samsung.

Fergal

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

fbutler:

No, i haven't contacted Samsung as the only issue I am having is with the Norton App which I am paying Norton for as part of my Norton subscription. From my perspective it is up to Norton to address any issues with their rooted device detection algorithms when such occurences are flagged to them. If that means Norton need to address the issue with Samsung then I expect Norton to raise the issue with Samsung.

Fergal

The app you used that detected the linux issue is not a Norton app. It is a tool that the Norton employee asked be used in this thread to detect any 'rooting' issues with the OS on a user's device. In this case, as with the OP, it is not how Norton is detecting it. It is something in the OS that could cause a security risk. That is why Norton flags it.

As it is an issue with the OS, the best Norton could do is notify the manufacturer that this issue has arisen. It is up to the manufacturer to fix their proprietary OS code.  Remember the more noise that is made, the more chance of a quick fix. So if you and every other Samsung customer that is seeing this issue reports it to Samsung, the better chance that something will be done.  You could start by checking Samsung user forums to see if others are seeing similar issues.

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

Hi Peter,

Thanks for the feedback, however here's my perspective:

1) I have a issue with a Norton App that says my device is rooted

2) I don't have enough expertise in Mobile devices to know if this is actually the case

3) I've been asked to provide diagnostic data to Norton using a 3rd party app which I don't know, and would need to spend significant time researching to verify the veracity of its findings. (A simple google search suggests it may be flagging false positives for the SE Linux Flag). I've provided this diagnostic data for people more knowledgeable in this subject to use in the diagnostic process.

4) I could spend a significant amount of time researching the app, and the in depth details of what defines a "rooted device" or I can seek for people with more expertise than me to address the issue with Samsung (If it actually is a Samsung Issue)

5) If I had sufficient knowledge in this area I would be more than happy to engage with Samsung, however I don't have appropriate levels of knowledge in this area to do so. As such I rely on the company that I'm taking a service from, and who should have appropriate knowledge in this field, to recognise this and engage with relevant 3rd parties such as Samsung to solve the issue as that's what I am paying my subscription for.

6) I see no point in posting onto Samsung forums with my extremely limited knowledge of the subject matter where I would be doing nothing more than saying "Norton say my device is rooted and here's a screenshot of a 3rd party app that I know nothing about to prove it". The potential here would be that I would then become a non-knowledgeable conduit for liaising between Norton and Samsung to address the issue. I would rather follow a proven methodology where the issue is reported to the owner of the app displaying the issue and they use their expertise to address it with any other 3rd parties rather than having users like me, that don't have the required knowledge, to try and address the issue with 3rd parties.

As such I need Norton to take ownership of this issue and address the underlying cause. If the underlying cause is Samsung then I hope that  knowledgeable Norton engineers  will be able to talk to knowledgeable Samsung Engineers to address the issue.

I hope this makes sense to you.

Fergal

Kudos0

Re: Security Risks Found - Rooted Device?? (IT IS NOT ROOTED)

6) I see no point in posting onto Samsung forums with my extremely limited knowledge of the subject matter where I would be doing nothing more than saying "Norton say my device is rooted and here's a screenshot of a 3rd party app that I know nothing about to prove it". The potential here would be that I would then become a non-knowledgeable conduit for liaising between Norton and Samsung to address the issue. I would rather follow a proven methodology where the issue is reported to the owner of the app displaying the issue and they use their expertise to address it with any other 3rd parties rather than having users like me, that don't have the required knowledge, to try and address the issue with 3rd parties.

The whole point of support forums is to help people that do not know all the details of an issue they are having with a device or a product. You could start by searching the forum for others that may see a 'rooted' issue with an app. If you found no results, there is nothing wrong with being the first to report it. That can start the conversation where others chime in that they also have seen this. And maybe one of those posters will have had a solution to the issue you are seeing. 

Obviously you are free to do what you feel is best for you. We are only volunteers here trying to help others with our knowledge of the Norton products.