Concerns/Questions:

1. My company currently has two applications in the Play Store. Both use the same permissions, have the exact same code base, the only difference is UI modifications. Why does Norton Mobile flag one as High Risk("Device phone number"), and the other not even a Medium Risk ?

1.1 Prior to downloading both applications, "Scan for Google Play" proclaims both applications are "No Risk"

2. "Device phone number" risk description: "Collects and sends phone number. This can add charges to data plan and is a HIGH privacy risk". How can Norton clam, just because a application has READ_PHONE_STATE permission, they are not only retrieving the device phone number, but also sending it, while adding charges to data plan ?! This is outrageous, I suppose requesting INTERNET permissions should also deem a HIGH risk for incurring data charges...... That point aside, READ_PHONE_STATE permission is also used to determine if a call is in progress or ringing. I think this description is inappropriate.