AVG Virus Scanner For Windows Phone Pulled For Privacy Invasion!
As strange as it seemed when an antivirus app for Windows Phone appeared on the market, most people saw it as an act of forethought by AVG, pre-empting any attack that may come in the future. Malware for smartphones, while not a major threat, has made the news in the past, especially in relation to Android devices. AVG seems to have taken advantage of the FUD, and of users' lack of knowledge, to wrap a bit of spyware into a software package that claims to protect users from the same sort of intrusion. Former Microsoft employee @JustinAngel pulled the AVG application apart and found some surprises.
What Angel found within the AVG code was simple but not what people expected.
// #1: in LocationEngine.cs
// Invoked from App.Launching event. So, this happens on app startup.
// Notice how the Lat and Long coordinates are sent to "ParentHub"
In short, it looks like the app was gathering user coordinates at startup and sending them home, along with a lot of other unique information, such as your email address, device information, operator or carrier, OS version and more.
So, whether or not this is a serious attack, it comes on the back of other serious complaints about OEMs and others tracking users, even when they opt out!
In the wake of the Google WiFi sniffing and Apple location logging scandals, one would expect companies to tread lightly when it comes to privacy, at least for the time being. It appears that HTC didn’t get that memo, as evidenced by the newest update for the Evo 3D and Sensation Android phones. Software modders at the famed XDA forums have noticed that these devices are now logging all user actions
So the issue is not confined to Windows Phone, but it does beg the question: how deep does Microsoft's certification process go? Also, how did the app circumvent the user permissions that are usually evident in apps that require use of your geolocation and similar data on the phone? Thanks go to an involved WP community and its developers for bringing this to the attention of Microsoft, which is now investigating the whole deal.
As for how incidents like this affect consumer attitudes to a new OS, considering we are expecting a major update to Windows Phone: bad, just bad. We use our devices for more and more, and whenever you are not directly accessing information via a browser and the internet, there can be loopholes in applications. Smartphones are the new window to the world, but they are supposed to be one-way: in, not out. Privacy is a subjective thing, but any time your info is accessed without permission, it's just a violation. Hopefully this incident leads to a little tightening up of the certification process for the Marketplace. I expect this to be an ongoing battle!