HTC confirms security issue with Android app

Over the weekend, some folks discovered that a big security hole in HTC's Android-based smartphones could allow any app that uses Android's INTERNET permission to access a number of private user information from that smartphone. Now Engadget has received word from HTC that is is aware of the issue and is working on a solution to fix the security hole.

The issue is apparently related to a recent HTC update that added a suite of logging tools, called HtcLoggers, to a number of Android-based smartphones. The tools collect private user info from the affected phones including location, user accounts, phone numbers, system logs and more. In HTC's statement, it said, "In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application."

While HTC said there is no evidence that any third party app is in fact being accessed by a malware program with this issue, it added that it is working to fix the issue quickly. The statement said, "Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly." In the meantime HTC Android-based owners should be careful when downloading and installing apps "from untrusted sources." HTC gave no indication of when this over-the-air security update will be released.

Report a problem with article
Previous Story

Xbox Live Arcade is losing indie developers, says 2D Boy

Next Story

Adobe announces six new tablet apps

12 Comments

Commenting is disabled on this article.

...we have concluded that while this HTC software itself does no harm to customers' data,...

Wouldn't want to harm the customers data now, would we?

BigBoy said,
Sigh...

Android is turning into Windows XP of mobile world as far as security goes.

this is from htc, not android (google)

What I would like to know is why HTC put data collecting apps on the phone in the first place? What data are they collecting? What about privacy, can you turn these apps off? etc.

Hackersoft MS MVP said,
What I would like to know is why HTC put data collecting apps on the phone in the first place? What data are they collecting? What about privacy, can you turn these apps off? etc.

Yeah, I would wonder as well what they needed this data for...

zeroomegazx said,
Amazing HTC will give an over the air update for this bug but not update its phone OS's to current versions.

This bug effects the HTC EVO 4G, HTC EVO 3D, HTC Incredible, and the Sensation variants. All of these phones have Gingerbread. So what is your pointless complaint now?