The story so far: On Monday, security vendor Webroot posted a note on their threat blog warning of possible malware programs masquerading as London Olympics applications. ZDNet's Rachel King followed up with an article based on Webroot's report which made the threat seem larger than it actually is, so after consulting with Rachel and our editor, I wrote an article of my own Wednesday pointing out any FUD (fear, uncertainty, and doubt) being spread by both postings.
I thought that would be the end of it, but since then there have been 2 updates to Rachel's article and 4 to mine. In addition, the vendor's PR company contacted ZDNet to complain that my article was "unfair and inaccurate," adding that they wanted us to correct the "factual errors."
First, I want to say that I stand by what I wrote in the article, and I consider it to be factually accurate. The origin of the misleading cropped image was unclear, so I did add this update from Rachel:
Rachel contacted me to say that the vendor supplied the full image and that she inadvertently cropped it while uploading the article.
Second, Webroot asked for an opportunity to respond to the article. Here's what they have to say:
"The purpose of Webroot’s blog post is to make users more aware of the permissions they grant any application they install, on any device, before they click 'OK.' The London Olympics Widget shows the user aggregated 2012 Olympics news while also harvesting contact lists, device id and SMS messages. While not specifically malicious, an app for Olympic news does not need all of the above functionality to show who won the latest gold medal. We want to make sure users exercise caution and make informed decisions when downloading apps to whatever device they may use."
"The reason we have classified this as a Potentially Unwanted Application is because it is using the Olympics to draw people into installing their apps so they can make money on multiple aggressive advertisement SDK add-ons. It is the aggressive advertisement SDK add-ons that are requesting permissions to read contacts, look up device ids, and read SMS messages."