avast Mobile Security is sending SMS without user knowledge

UPDATE: I have been contacted by Avast to clarify this SMS issue and I’m working with them to fix this. I think I found the bug and, if proven, it’s something really funny. I hope I’ll be able to update you soon, as I am leaving for the EUSecWest conference.

UPDATE2: It was not the bug I was thinking of. After exchanging a few messages with Avast, who were actually very helpful, I have to agree with them that this was NOT something they did on purpose (and I didn’t think so at all), and also that “it does not affect a lot of users as it requires special order of tasks to occur”. Indeed, I was able to reproduce the bug by recording my steps and performing them on different devices. Maybe it was bad luck for me to discover these steps, but I am happy that I discovered the bug so that Avast’s customers will feel safer. Another thing I want to note is that Avast has issued a test update (only available to a few until it goes into production); I applied the fix and I can confirm the issue is fixed now. Great work, Avast! A really fast response and much interest shown in solving the problem.

 

A couple of days ago, I installed the avast Mobile Security solution (the free version) from Google Play on a test Android-based phone. After a few days in which this antivirus solution was turning on the WiFi or the mobile data plan by itself during the night, I chose to uninstall it.

Now something new came to my attention: I was checking my balance on the phone and noticed that 0.12 EUR were missing. Hmm, maybe I have sent a message to some of my Roaming SIM cards. I logged on to my account to check why I have been billed. I noticed that indeed a message was sent to a number outside my country, but after checking the number I realized this number was not mine.

See the screenshot below from my account:

[Screenshot: Avast sends SMS]

So I looked up the country code: this number, 420720001669, is from the Czech Republic. Searching for this number on the web revealed that avast is actually sending this message. The first occurrence is from here:

Même problème, je viens de voir sur mon suivi un SMS vers le 420720001669 facturé à 19cts envoyé le 27 aout.

Il me semble que ça coïncide avec l’installation d’Avast Anti-Theft qui a l’autorisation d’envoyer des SMS. Et comme de par hasard AVAST software est une compagnie Tchèque …

which translated would mean:

Same problem: I just saw on my usage statement an SMS to 420720001669, charged at 19 cts, sent on August 27.

It seems to me that this coincides with the installation of Avast Anti-Theft, which has permission to send SMS messages. And, as if by chance, AVAST Software is a Czech company …

Second result from here

Buenos días, esta mañana al consultar mi lista de llamadas me aparece lo siguiente:

24/08/2012 420720001669 ENVÍO SMS 08:12:02 1 MENSAJE

A esa hora no he enviado ningún SMS me pueden decir a q corresponde dicha numeración? El SMS tiene un coste de 60 cent.

.. and translated:

Good morning, this morning when checking my call list I found the following:

24/08/2012 420720001669 SMS SENT 08:12:02 1 MESSAGE

I did not send any SMS at that time; can you tell me what this number corresponds to? The SMS costs 60 cents.

Thank you.

There was even a result from the Google Play store, but I couldn’t find it in full, so here is the screenshot along with the translation:

September 4, 2012 – … took a printout of the operator found to send an SMS to number 420720001669, struck on the forums that this number was Avast …

To me it’s pretty clear that it’s Avast’s fault. There was only one message sent from my number, but I haven’t used their software for more than 3 days so I can’t say for sure if the message is sent each week, for example. I’ll try to contact them and see what they have to say about this.

However, this is something that shouldn’t happen at all.

In case you have noticed this behavior also, please leave a comment here.

 


13 Responses to “avast Mobile Security is sending SMS without user knowledge”

  1. Hello, actually the user gets informed about this. When registering the phone to the avast! account, this message is being displayed in a dialog box and needs to be accepted by the user: “Important note: if avast! Anti-Theft is installed, and your SIM card is later changed, an SMS will be sent to notify your avast! Account. This may be an international SMS, depending on your location.”

  2. PS: reason for this is that in order to make avast! Anti-Theft operate smoothly, we need to update the phone number of the device to our database. We can just find out the new phone number by sending and receiving an SMS. Additionally we’ll be issuing a program update this week which will reduce the number of required SMS to an absolute minimum (only one SMS is sent per SIM card entered, even if it is afterwards changed again).

  3. Shah says:

    My bill arrived yesterday and it recorded 5 global sms. Further investigation with the telco gave me the number 420720001669. A google search brought me to this page. This happened even though I’ve never changed the SIM in my phone.

    Any guide on uninstalling Avast Anti-theft? I’ve managed to uninstall Avast Mobile Security, but Anti-Theft is still present.

    Thanks!

  4. Johnny says:

    Hi,

    I have the exact issue as you have. Actually, I noticed the 2 SMS costing me 0.51 including VAT a few weeks ago but I didn’t find out what they were for until I got my bill.

    What I want to know is should I be worried? And what information was included in these SMS? Hope nothing personal is sent.

    Could you tell me the steps that would trigger the SMS being sent just so that I don’t get charged again?

    You say the issue is now fixed do you know when the update will be made available?

    Thanks

  5. Johnny says:

    I noticed I was being charged for some unknown SMS but didn’t really take notice until I got my bill yesterday. There were two text messages sent both on the same day.

    Should I be concerned and completely remove avast? Also, what information was included or sent to 00420720001669?

    Could you tell me the steps required to trigger a SMS being sent so that I don’t get charged again?

    Thank you

  6. [...] Out of curiosity, I searched Google for the number to which I “sent the SMS” (the number is 00420720001669) and found this first result: “Avast! Mobile Security is sending SMS without user knowledge”. [...]

  7. Alessandro says:

    Hi! I noticed that I was charged BRL 0,79 for a SMS to the number 420720001669. I use an iPhone 4S and I don’t have any Avast app in it. Do you guys have any idea what it could be?

  8. Christophe says:

    I noticed on my September bill that the number 004207200001669, in the Czech Republic, keeps appearing on my phone bill, although I have never sent an SMS to this number.
    If someone could enlighten me, that would be great. Thank you.

  9. Dann says:

    I installed Avast Mobile Security two days ago and I just received 8 SMS from my own number that I’ve never sent and 2 SMS more from 420720001669, so I can assure that the issue is not fixed yet. I’m so disappointed with this app.

    P.S.: I apologise for my bad English; I’m from Spain.

  10. Aio says:

    I have nine SMS messages for this number from September at 50 yen each. I get a tracking message from Avast every time I reboot my phone, so I’m wondering if the SMS is sent at this time. Is there an easy way to switch off whatever behaviour is sending out the SMS messages?

  11. rahj says:

    Hi, I have the same problem with all of you. I also sent a message with that anonymous number but does not have any idea when and how did I send it (but thru avast!).

    Now my concern is will avast! charge me again? I’m worried because I am starting to like avast! but noticing this thing makes me think to uninstall avast!

    What do you think? I need help. Any suggestion? THANK YOU!

  12. jose manuel says:

    It happened to me. And I turn off my mobile phone several times because I can’t use it at work. I’m being charged by my telephone company 25€ because of your bug. By the way, I paid for the antivirus (for my computer) and I didn’t get a discount for BUGS. What am I supposed to do? Pay for another NON BUG Antivirus for my computer?

    I want answers
