HTC vulnerability fails to secure user data

3 October 2011

htc-logoA serious vulnerability has been unearthed in several HTC smartphone models that allows almost any app to read sensitive data stored on the handsets.

The security issue was spotted by Android developer Trevor Eckhart and is the result of HTC failing to properly secure information collected by a recently introduced logging application.

This recent phone update, which collects data, exposes a lot of sensitive information like user accounts, email addresses, GPS history, phone numbers listed in the phone log and SMS data.

According to Eckhart, any app with internet permission (aka, Most of the apps on the market) is able to read this data.

HTC EVO 4G, EVO 3D, Thunderbolt, Shift 4G and Mytouch 4G Slide devices have been confirmed as vulnerable. Elsewhere, it is suspected that some models from the HTC Sensation line are suspected to be affected.

The company say: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible."

"We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken"

[µ]

TOPICS:   Technology   Mobile   Privacy

3 comments

  • Brandon H.
    Key question: Does the information gathering apply only to HTC's own apps (thus if i used 3rd party ones from the app market, would the data still be getting collected)?
  • Will F.
    Things are not looking so good for Google since last weeks additional news report about the Android apps being infested with Malware, this week their share price has suffered too
  • Martin
    Where are all the Apple haters? Oh funny, they're not here

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment