AVG is going to have to rethink its mobile application strategy if it wants its security app reinstated in the Windows Phone Marketplace. Microsoft removed the security software vendor's app from the Marketplace after learning that it might be harvesting a bit too much information from users and sending data back to AVG's servers.
The app, which was launched last week, raised some red flags with users, concerns that were justified after former Microsoft employee Justin Angel dug through the code, according to WinRumors . Angel's app autopsy revealed that AVG was improperly using the Geo Location API to keep tabs on a device's location and send identifying data back to the security vendor.
"@ JustinAngel @ WithinRafael AVG app pulled from marketplace. Doing some investigations, but want functionality certainty. Thanks for the heads up," Microsoft's Brandon Watson, Director of Developer Experience for Windows Phone, posted to Twitter .
Rafael Rivera, hacker and Within Windows blogger, was critical of AVG's app for a different reason.
"Unfortunately, there just isn't any malware to scan for on Windows Phone. So... what does this thing do? It displays ads and scans for EICAR test strings," Rivera posted on his blog .
The lack of viruses on the Windows Phone platform shouldn't be a knock against AVG, not if you live by the idiom, "An ounce of prevention is worth a pound of cure." But exploiting the Geo Location API? That wouldn't be cool. And AVG says not to worry, everything's kosher.
"AVG believes that the Windows Phone 7 OS will continue to increase in popularity and, as it does, it will become a high value target for thieves and hackers. For this reason, we made a strategic decision to deliver a security product to this platform in its very early days – as we did with Android," AVG stated in a blog post .
AVG also addressed concerns about the Geo Location API, saying that "All of the data we collect is used solely to offer users an excpetional security service with state-of-the-art GPS tracking," and that it does not share user data, mine user data for patterns, use data to target ads, or access location data without user permission.