Image Image Image Image Image Image Image Image Image Image

HTC Source | September 24, 2014

Scroll to top

Top

No Comments

AVG Virus Scanner For Windows Phone Pulled For Privacy Invasion!

AVG Virus Scanner For Windows Phone Pulled For Privacy Invasion!

As strange as it seemed when an Antivirus app for Windows Phone appeared on the market, most  people saw it as an act of forethought by AVG, pre empting any attack that may come in the future. Malware for smartphones, while not a major threat, it has made the news, especially related to Android devices, in the past. AVG seems to have taken advantage of the FUD, and user lack of knowledge, to wrap a bit of spyware into a software package that claims it protects users from the same sort of intrusion. Former Microsoft Employee @JustinAngel pulled the AVG application apart, and found some surprises.

What Angel found within the AVG code was simple but not what people expected.

// #1: in LocationEngine.cs
  // Invoked from App.Launching event. So, this happens on app startup.
  // Notice how the Lat and Long coordinates are sent to "ParentHub"

In short it looks like the app was at start up gathering user coordinates, and sending them home, as well as a lot of other unique information, like your email address, device information, operator or carrier, OS version and more. avgAngel

SO whether this is a serious attack or not it comes on the back of some other serious complaints of OEM’s and others tracking users, even when they opt out!

In the wake of the Google WiFi sniffing and Apple location logging scandals, one would expect companies to tread lightly when it comes to privacy, at least for the time being. It appears that HTC didn’t get that memo, as evidenced by the newest update for the Evo 3D and Sensation Android phones. Software modders at the famed XDA forums have noticed that these devices are now logging all user actions

So the issue is not confined to Windows Phone, but it does beg the question, how deep does Microsoft’s certification process go? Also how did the app circumvent the user permissions that are usually evident in apps that require use of your geo location etc on the phone. Thank an involved WP community, and developers for bringing this to the attention of Microsoft, as they are now investigating the whole deal.

Bwatson

In terms of how incidents like this affect consumer attitude to a new OS, considering we are expecting a major update to Windows Phone, bad, just bad. While we use our devices for more and more, if you are not actually directly accessing information via a browser and the internet, there can be loopholes in applications. Smartphones are the new window to the world, but they are supposed to be one way, in not out. Privacy is a subjective thing, but any time your info is accessed without permission, it’s just a violation. Hopefully this incident leads to a little tightening up on the certification process for the Marketplace. I expect this to be an ongoing battle!

About Peter Murphy

Peter is an avid gadget hound and owns a Tech focused site called Peterskitchen. Based in Australia Peter has a huge love of HTC devices, and has had one ever since he had the Axim x50 back in 2004. Axim x51, HTC Tytn II, HTC Touch Diamond 2, HTC HD2, HTC Desire, and now the HTC 7 Mozart and HTC HD7