Microsoft has pulled a new AVG antivirus app from the Windows Phone Marketplace.
Brandon Watson, Microsoft's director of developer experience for Windows Phone, confirmed yesterday in a tweet that the app had been removed based on research done by two external experts and that the company had started its own investigation.
Launched earlier this week, AVG's new antivirus app for Windows Phone quickly triggered concerns among users, according to enthusiast site WinRumors. Digging into the app's codebase, Justin Angel, a former Microsoft employee, and Rafael Rivera, a self-proclaimed Windows hacker and author of the Within Windows blog, uncovered the reasons for concern.
Rivera asserted that the app just displays ads and scans for EICAR test strings, which are used to test antivirus software. Noting that "there just isn't any malware to scan for on Windows Phone," Rivera dubbed the app "AVG-owned scareware."
Angel also asserted that the app was improperly using a geolocation feature to track Windows Phone devices and send certain data back to AVG, such as the phone make and model and the user's e-mail address and location, according to WinRumors. In a tweet, Angel pointed to the "abuse" of the geolocation feature as a violation of Microsoft's Windows Phone 7 certification guidelines and called for the app to be pulled from the Marketplace.
In tweeting about the app's removal, Watson thanked Angel and Rivera, noted that Microsoft is doing its own investigation, and added that the app should at least offer some functionality.
Grisoft modifies its free AVG product after complaints
AVG update cripples some Windows XP systems
Inside AVG's virus lab
AVG Antivirus for Android
In blog published today but apparently before Microsoft pulled the app, AVG responded to criticism by saying that all of the data collected is used solely for "state-of-the-art GPS tracking." The company promised that it doesn't sell the data or share it without the user's permission and that it doesn't access someone's location with permission.
AVG further asserted that it worked with Microsoft to develop the app.
"Our teams were trained by Microsoft and our software was provided to the company for review and certification prior to release," AVG said in its blog. "We did implement a number of requested changes provided to us by Microsoft."
If AVG's statements are accurate, the question is why would Microsoft certify the app if it did in fact violate its own Windows Phone guidelines? Did Microsoft simply fail to determine exactly what the app was doing behind the scenes?
A statement sent to CNET from Microsoft and attributed to Todd Brix, senior director for product management of Windows Phone Marketplace, confirmed the app's removal but noted that Microsoft is working with AVG to resolve the issues.
"AVG's app has been removed from Windows Phone Marketplace while we work with AVG to ensure that the app is in full compliance with our published policies," the statement read.
AVG did not immediately respond to CNET's request for comment.
Updated at 11:15 a.m. PT with statement from Microsoft.