UPDATE2: It was not the bug I was thinking of. After having a few communication messages with Avast, who actually were very helpful, I have to agree with them that this was NOT something they did on purpose – and I didn’t think so at all -  and also “it does not affect a lot of users as it requires special order of tasks to occur“. Indeed I was able to reproduce the bug by recording my steps and performing them on different devices. Maybe it was bad luck for me to discover these steps, but I am happy that I discovered the bug so that Avast’s customers will feel safer. Another thing I want to note is that Avast has issued a test update (only available to few until it will go into production), I applied the fix and I can confirm the issue is fixed now. Great work Avast! Really fast response and much interest showed in solving the problem.

A couple of days ago, I have installed on a test Android based phone the avast Mobile Security solution from Google Play – the free version. After a few days when this antivirus solution was turning on the WiFi or the mobile data plan by itself, during the night, I chose to uninstall it.

Now something new came to my attention: I was checking my balance on the phone and noticed that 0.12 EUR were missing. Hmm, maybe I have sent a message to some of my Roaming SIM cards. I logged on to my account to check why I have been billed. I noticed that indeed a message was sent to a number outside my country, but after checking the number I realized this number was not mine.

See the below screenshot from my account:

So I looked for the country code: this number - 420720001669 – is from Czech Republic. Searching for this number on the web revealed that avast is actually sending this message. First occurrence from here:

Même problème, je viens de voir sur mon suivi un SMS vers le 420720001669 facturé à 19cts envoyé le 27 aout.

Il me semble que ça coïncide avec l’installation d’Avast Anti-Theft qui a l’autorisation d’envoyer des SMS. Et comme de par hasard AVAST software est une compagnie Tchèque …

which translated would mean:

Same problem, I just saw on my monitor SMS to 420720001669 charged 19cts sent on August 27.

It seems to me that it coincides with the installation of Avast Anti-Theft that has permission to send SMS messages. And as coincidence AVAST Software is a Czech company …

Second result from here

Buenos días, esta mañana al consultar mi lista de llamadas me aparece lo siguiente:

24/08/2012 420720001669 ENVÍO SMS 08:12:02 1 MENSAJE

A esa hora no he enviado ningún SMS me pueden decir a q corresponde dicha numeración? El SMS tiene un coste de 60 cent.

.. and translated:

Good morning, this morning to check my call list I get the following:

08/24/2012 8:12:02 420 720 001 669 1 MESSAGE SENDING SMS

At this time I have not sent any SMS I can say that numbering corresponds aq? The SMS is charged at 60 cent.

Thank you.

There was even a result from Google Play store, but couldn’t find in full so here is the screenshot along with the translation:

September 4, 2012 – … took a printout of the operator found to send an SMS to number 420720001669, struck on the forums that this number was Avast …

To me it’s pretty clear that it’s Avast fault for this. There was only one message sent from my number, but I haven’t used their software for more than 3 days so I can’t say for sure if the message is sent each week for example. I’ll try to contact them and see what they have to say about this.

However, this is something that it shouldn’t happen at all.

In case you have noticed this behavior also, please leave a comment here.