From the Windows Phone Marketplace removed "antivirus", collecting personal data

To the surprise of many Windows Phone users, last week some anti-virus application was placed on the marketplace under the AVG Mobilation for Windows Phone. This is interesting in the first place because there are no viruses for Windows Phone (for now? - approx. Transl.) . Secondly, all applications run in the sandbox and do not have access to system files and other applications, so that if a virus appears for this platform, the antivirus will not be able to detect or delete it.

AVG did not seem to be embarrassed by this, and they still released a free application, which, however, has advertising embedded. As you know, some files (namely, photos and music) still have access to applications, and therefore, in the absence of the best, Mobilation checks for them.

Well, or pretending to be checking. According to the analysis conducted by Rafael Rivera, the antivirus is not particularly zealous in checking: it looks at the names of the scanned files, and if they match the string " eicar " or "עברית" ("Hebrew" in Hebrew. Although it would seem, here ZOG - approx. transl. ), then marks such files suspicious.
')
Uselessness, however, does not contradict the rules of the Windows Phone Marketplace, besides the likelihood of viruses that spread through photos and music, is still there. Therefore, the creation of the infrastructure for checking these files seems to be a rather logical move by AVG.

But further investigations revealed that the application was far from useless: a former Microsoft employee, Justin Angel, just decompiled it and discovered that it collects a variety of personal data (including phone ID, carrier, e-mail owner and GPS coordinates ) and sends them to the AVG server.

As a result, Microsoft removed the application from the Marketplace to understand the situation.

AVG claims that this information was used to track the phone , which is turned on by default, so that the user does not lose the phone without turning on tracking. It is not very clear how this works on a non-multitasking platform, and do not forget that there is already such functionality in the Windows Phone platform itself.

Moreover, AVG says that Microsoft is aware of what happened, and AVG even made some changes at their request. It is unclear what this means, but there are two options:

1. AVG tried to send the application to the marketplace, they were not allowed, and they had to make changes
2. Microsoft actively participated in the development of the application

Microsoft only says that “the application has been removed from the market so that we can make sure that it fully complies with our policy”