HTC Android Phones Leak Troves of Personal Data

A serious security flaw exists in several HTC-manufactured Android phones that enables virtually any app to access private data stored on the device, including call logs, text messages and email addresses.

Discovered by the security blog Android Police, the vulnerability allows apps that request Internet permission to access the phone’s last known GPS location, phone numbers, encoded text and systems logs, which could include email addresses, phone number and other private information.

This security slip-up could affect the millions of Android users who think nothing of downloading apps from the legitimate Android Market, many of which are configured by default to access the Internet.

“Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the Internet permission (to submit scores online, for example), you don’t expect it to read your phone log or list of emails,” Android Police’s Artem Russakovskii wrote.

[How Your Android Phone Data Could Be 'Gone in 60 Seconds']

The Android phones affected by this flaw include the HTC EVO 3D, the EVO 4G and the Thunderbolt. The list is expected to grow as Android Police continues to run a proof-of-concept exploit on more HTC devices, including the MyTouch 4G Slide and the EVO Shift 4G.

Russakovskii wrote that the phone flaw exists due to a suite of new logging tools HTC introduced to its devices during recent upgrades.

“The only reason the data is leaking left and right is because HTC set their snooping environment up this way,” he said. “It’s like leaving the keys under the mat and expecting nobody who finds them to unlock the door.”

To make matters worse, Android Police says smartphone owners are virtually helpless against this security bug, which can be fixed only by an update from HTC. As a temporary safety measure, Android Police wrote, “Stay safe and don’t download suspicious apps.

In an email to SecurityNewsDaily, HTC wrote, “HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”

Article provided by SecurityNewsDaily, a sister site to Laptopmag.com.


LEAVE A REPLY
Name*
Email* (will not be published)
Website
*Indicates required field
Comments*
Submit Comments

FIND A REVIEW
Laptops
All Product Types Accessories Cars Digital Camcorders Digital Cameras eReaders GPS Laptops MP3 & Video Players Projectors Smartphones Software Storage Tablets / MIDs VoIP Wi-Fi
All Subcategories
All Subcategories All-Purpose Budget Business Desktop Replacement Gaming Multimedia Netbook Nettop Rugged Student Tablet PCs Ultraportable
Brand
Acer Alienware Apple Archos ASUS Averatec BenQ CTL Corp. Dell Digital Storm eMachines Emtec Everex Fujitsu GammaTech Gateway General Dynamics Getac Gigabyte Hercules HP HTC iBuyPower Intel Lenovo MSI Nokia Nvidia OCZ OLPC OQO Origin Panasonic Sager Samsung Sony Sylvania Systemax TabletKiosk Toshiba Verizon Viewsonic Viliv VooDoo Workhorse PC ZT Systems
Minimum Rating
Any Rating Editor's Choice 4.5 Stars 4.0 Stars 3.5 Stars 3.0 Stars
Screen Size
10 11 12 13 14 15 16 17 18 20 4 5 6 7 8 9
Resolution
1024x576 1024x600 1024x768 1200X800 1280 x 720 1280x1024 1280x768 1280x800 1366x678 1366x768 1440x1050 1440x900 1600x768 1600x900 1680x1050 1680x945 1920x1080 1920x1200 800x400 800x480
Weight Range
10.1 - 12.0 pounds 12.1 - 14.0 pounds 14.1 - 16.0 pounds 2 lbs 2 pounds and under 2+ lbs 2.1 - 4.0 pounds 4.1 - 6.0 pounds 6.1 - 8.0 pounds 8.1 - 10.0 pounds Over 16 pounds Under 2 pounds
more options
SUBSCRIBE