Symantec PGP Viewer does not implement
false or have
true) having a defining
backupagent attribute in its application. This allows android backup service to take backup of the application and reinstall on a different device with all the required keys to decrypt.
$ adb backup com.symantec.pgpviewersymantec
I do not classify this as a critical security vulnerability. However, this is definitely a good security improvement that can be utilized to prevent unauthorized backups of application. But if this application is used for confidential communication, I would not consider this to be a secure practice.
In our past experience with Symantec, they stated end point based security vulnerabilities/ improvements are not a concern for SymantecPGPViewer. They intend only to fix security issues that compromise PGP integrity over the network. And hence won’t fix such issues.