Over the weekend, some folks discovered that a big security hole in HTC's Android-based smartphones could allow any app that uses Android's INTERNET permission to access a number of private user information from that smartphone. Now Engadget has received word from HTC that is is aware of the issue and is working on a solution to fix the security hole.
The issue is apparently related to a recent HTC update that added a suite of logging tools, called HtcLoggers, to a number of Android-based smartphones. The tools collect private user info from the affected phones including location, user accounts, phone numbers, system logs and more. In HTC's statement, it said, "In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application."
While HTC said there is no evidence that any third party app is in fact being accessed by a malware program with this issue, it added that it is working to fix the issue quickly. The statement said, "Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly." In the meantime HTC Android-based owners should be careful when downloading and installing apps "from untrusted sources." HTC gave no indication of when this over-the-air security update will be released.