Interview The Register caught up with AVG (and ex Mozilla) CEO Gary Kovacs at Mobile World Congress last week.

AVG is talking up its Zen security product – a sort of mobile device management for the home – which Kovacs says is extending to cover Internet of Things (IoT). “You will be able to manage your wearables as well as the key parts of your connected home through the dashboard,” he says.

Kovacs boasts of 200 million AVG users, half of whom are on mobile, though many are non-paying users. “Our commitment is that people can use our base product on a single platform for free,” he says. “If you want integration with other platforms, or other functions, you will have an opportunity to do so on either an à la carte basis or to sign up for new subscription service, coming to market later this quarter.”

Android malware is most prevalent in the developing world, where more untrusted apps are installed, but Kovacs recognises that most users there will never become paying customers.

“In that part of the world and in a lot of the developed world,” he said, “they are relying on applications that are developed locally but there is a lot of criminal intent. We thought, it is a threat to the overall world network, it is a threat to them, it is a threat to the adoption of mobile, so we said, free.”

In the Internet of Things era, where home alarms and sensors talk to the internet, will we see software security extend to cover other kinds of security? “It is an interesting area. We’re going to do that via partnerships,” says Kovacs. “Zen is going to have a very clean and open API, so we can go to alarm companies, we can go to credit-scoring companies, we can go to reputation companies and we can say, plug-in.”

Kovac’s open source background shows when he talks about collaborative APIs in the security industry – or the lack of them. “Today the ecosystem does not play well together. Everybody is trying to do this thing individually and it is very inefficient. The alarming part is that companies are coming up with their own proprietary platform to manage the Internet of things. Why don’t we just create open protocols and standards and start to allow these things to interact?”

He is also campaigning against lack of transparency in privacy policies. “We did a study. We took my phone, every app that I have and the websites I looked at over a two-week period. We downloaded and analysed all those privacy policies and at an average reading rate we determined that it would take 76 days to read, and a law degree because they used words that I don’t understand.”

Privacy policies are misleadingly named, since they do not tell you how your privacy is protected, but rather how much data you agree to give away.

“I’m issuing the one-page challenge,” says Kovac. “Get your privacy policy down to one page in a language that everybody understands. We are going to show our new mobile privacy policy on one mobile page. Lawyers vetted it, so we can do it. We operate in almost every country around the world. There is no excuse, as an industry we are just lazy.”

If we like free services and free mobile games, should we accept data gathering as the cost? “That argument is the most pervasive and I say, if it is that simple why don’t you clearly articulate that to your users?” says Kovac. “The first step for anything is awareness. I just think we have to put some sunlight on this issue as an industry.”

What about those scammy intermediary download sites that advertise on search engines, so that when a user goes to download the likes Apple iTunes or Adobe Reader, they get diverted to a third-party site which installs a pile of doubtful adware before eventually redirecting to the real download?

“Our Internet suite detects those, when you have been redirected to a site other than what you intended. By the way, that core Internet suite is free. There is no excuse for people,” Kovacs says. “We have to stop and pay attention. As consumers we have to believe that this is the new normal, Just like in New York you wouldn’t walk down a dark street without some sense of what is happening.”

Do those companies ever sue AVG, because your product is obstructing their business?

“We get those all the time. We get demand letters, we get threatening letters. My stance is that we have developed what we think is a very acceptable level of criteria that denotes if you are a legitimate site.” If not, “then we block them. If it is time to revisit the rule let’s have an industry debate about that. And you know what, not in one case have they come back and sued. We haven’t made any exceptions and we have never been sued.”

Does he think that AVG has a role in protecting from government threats to our security and privacy as well as those coming from what we traditionally think of as a criminal fraternity?

“It is very hard, because that goes through the network,” Kovacs says. “I don’t know any technology that will fix that except for VPN technology, which is why so many in government are opposed to VPN.”

A price worth paying to protect against terrorism? “I would like to see as much protection as I can, but at what cost? At the cost of our basic human rights? I think we have to have much more debate.” ®