From the Windows Phone Marketplace removed the "antivirus" that collects personal data

Original author: Peter Bright
  • Transfer
To the surprise of many Windows Phone users, last week a certain antivirus application was posted on the marketplace under AVG Mobilation for Windows Phone. This is interesting firstly because there are no viruses for Windows Phone (yet? - approx. Transl.) . Secondly, all applications run in the sandbox and do not have access to system files and other applications, so if a virus for this platform appears, the antivirus will not be able to detect or delete it.

AVG didn’t seem to be embarrassed, and they still released a free application, which, however, has built-in ads. As you know, some files (namely photos and music) still have access to applications, and therefore, for lack of a better one, Mobilation checks them.

Well, or pretending to check. According to the analysis conducted by Rafael Rivera ( of Rafael Rivera is ), anti-virus is not particularly zealous in checking: he looks at the names of files to be scanned, and if they coincide with the line " eicar " or "עברית" ( «Hebrew» Hebrew. Although it would seem, with here ZOG - approx. transl. ), then marks such files suspicious.

Uselessness, however, does not contradict the rules of the Windows Phone Marketplace, in addition, there is still a chance of viruses that spread through photos and music. Therefore, creating an infrastructure for checking these files seems to be a pretty logical move on the part of AVG.

But further investigations showed that the application was far from useless: a former Microsoft employee, Justin Angel, decompiled it and found that it collects a variety of personal data (including phone ID, carrier, owner’s email and GPS coordinates ) and sends them to the AVG server.

As a result, Microsoft removed the application from the Marketplace to understand the situation.

AVG claims that this information was used to track the phone , which is turned on by default, so that it would not appear that the user lost the phone without turning on tracking. It is not very clear how this works on a non-multi-tasking platform, and one should not forget that Windows Phone itself already has such functionality.

Moreover, AVG says that Microsoft is aware of what happened, and AVG even made some changes at their request. It is not clear what this means, but there are two options:
  1. AVG tried to send the application to the marketplace, they were not allowed, and they had to make changes
  2. Microsoft actively participated in the development of the application
Microsoft only says that “the application was removed from the market so that we can make sure that it is fully consistent with our policy”
Tags:

Also popular now: