Is AVG Security Suite The First Windows Phone Security Breach?
Most of you know AVG – the free antivirus and internet security software for your PC. They’ve branched out to mobile devices and have an Android security app. Their most recent app is actually for Windows Phones though. The AVG Security Suite has the following description:
Free Security Suite from AVG Mobilation – security software for Windows Phone™.
Keep your device safe with just one click.
Safe Web Surfing
Stay safe from phishing and malware while surfing the web
Allowing you search the web avoiding malicious web sites
But it also searches your phone to make sure it’s ‘protected’. What does that mean? Rafael Rivera reviewed the XAP and found that it searches for precisely two things in your photos and music: the words EICAR and עברית (which is Hebrew for the word “Hebrew”). Because of the way Windows Phone sandboxes applications, the app can’t search outside those libraries. That is also why the whole thing is silly: you can’t readily have a virus on a Windows Phone at the moment, since no one has breached the walls Microsoft has put up so far. But this is only the beginning of what the app does.
Justin Angel also took a spin at the XAP and it actually is doing a bit more than reviewing your phone for two files:
If you want to see the code he’s looking at, he’s provided it here. So what we have is an application that collects your location and device information and sends all possible identifying information to the server over HTTPS XML-RPC. Here’s the information it’s collecting:
Is this legit? Is this permissible under Microsoft’s guidelines?
Let’s file this one under “to be continued” because it appears as though there’s a possibility that this app gets removed from the Marketplace if everything above is correct. It also means there will be some explaining to do.
Remember that at Pwn2Own this year no attempts were made on Windows Phones because there are no known exploits, so a security suite (particularly one that can’t run in the background or scan third-party apps) is pretty meaningless at this point. Well, maybe it can scan itself… that would have helped from the beginning.
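For readers who want to check what a Windows Phone app is able to collect, the sketch below (an added example, not code from the original post or from either reviewer) reads the capabilities a XAP declares in its WMAppManifest.xml and flags the ones relevant to the location and device data described above. The sample package and its app name are constructed for the demonstration and are not the AVG XAP; declared capabilities show what an app may access, not what it actually sends.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Windows Phone 7 capability names that bear on the data discussed above.
SENSITIVE = {
    "ID_CAP_LOCATION": "location services",
    "ID_CAP_IDENTITY_DEVICE": "device-specific identifiers",
    "ID_CAP_IDENTITY_USER": "anonymous Live ID of the user",
    "ID_CAP_MEDIALIB": "photo and music library",
    "ID_CAP_NETWORKING": "network access (needed to upload anything)",
}

def declared_capabilities(xap_bytes):
    """Return the capability names declared in a XAP's WMAppManifest.xml."""
    with zipfile.ZipFile(io.BytesIO(xap_bytes)) as xap:  # a XAP is a ZIP archive
        name = next((n for n in xap.namelist()
                     if n.rsplit("/", 1)[-1].lower() == "wmappmanifest.xml"), None)
        if name is None:
            raise ValueError("no WMAppManifest.xml in archive")
        root = ET.fromstring(xap.read(name))
    # Match on the local tag name so the manifest's XML namespace is ignored.
    return sorted({el.attrib["Name"] for el in root.iter()
                   if el.tag.rsplit("}", 1)[-1] == "Capability" and "Name" in el.attrib})

def privacy_report(xap_bytes):
    """Return (sensitive capabilities found, whether data could leave the phone)."""
    caps = declared_capabilities(xap_bytes)
    findings = {c: SENSITIVE[c] for c in caps if c in SENSITIVE}
    # Uploading needs networking plus at least one other sensitive capability.
    can_upload = "ID_CAP_NETWORKING" in findings and len(findings) > 1
    return findings, can_upload

def build_sample_xap():
    """Constructed sample package (not the AVG XAP) for the demonstration."""
    manifest = """<Deployment xmlns="http://schemas.microsoft.com/windowsphone/2009/deployment">
      <App Title="SampleApp"><Capabilities>
        <Capability Name="ID_CAP_LOCATION"/>
        <Capability Name="ID_CAP_IDENTITY_DEVICE"/>
        <Capability Name="ID_CAP_NETWORKING"/>
        <Capability Name="ID_CAP_WEBBROWSERCOMPONENT"/>
      </Capabilities></App></Deployment>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WMAppManifest.xml", manifest)
    return buf.getvalue()

if __name__ == "__main__":
    findings, can_upload = privacy_report(build_sample_xap())
    for cap, meaning in findings.items():
        print(cap, "->", meaning)
    print("could upload collected data:", can_upload)
```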
UPDATE: Yup, this caught Microsoft’s attention: