Microsoft has confirmed it is investigating a recently approved antivirus application for Windows Phone 7.
The AVG virus scanning application was made available earlier this week and has generated a great deal of questions and controversy. Justin Angel, a former Microsoft employee, took the application apart after questions were raised about its validity and use. Angel found that the application is improperly using the Geo Location (GeoCoordinateWatcher) API to track a device and send a number of key identifying data to AVGs servers. AVG appears to collect the phone make, model, a users email address and their location.
Windows hacker Rafael Rivera also questioned the use of the application after discovering it only scans for an EICAR test string and the word עברית (Hebrew). The application is loaded with adverts and can be set to automatically download virus definition updates. WPCentral points out that the application may send the data back to AVG for the following reasons:
- Quality assurance
- Info is sent to their Android app
- Geo info is used for location based search
- Collected data is used for marketing purposes
Microsoft revealed on Thursday that it is investigating the application. Microsoft’s Brandon Watson said he was “looking into” the app following concerns from users on Twitter. WinRumors reached out to Microsoft and a spokesperson confirmed the company is assessing the application. “We are investigating the behavior of the AVG antivirus app and will provide an update when we have more to share,” said a Microsoft spokesperson. At the time of writing the application is still available in the Windows Phone Marketplace.