HTC Has a Security Flaw

While looking for something to post in this blog I came upon a couple of websites that all said the same thing “HTC Massive Security Vulnerability” Since I own an HTC phone I became intrigued and read what the security flaw was. Some Sense-enabled HTC phones that allow apps with internet permissions can gain access to your private data. Most of the hones at risk are the newer HTC models using Sense, like the Thunderbolt and EVO 3D, include an app called HTCLoggers, this app collects data such as: phone numbers, call logs, email addresses, user accounts, last network and GPS locations, IP addresses, full memory information, battery info/ status(charging and wake lock history).  All this data is then send back to HTC where anyone with some computer knowledge can have access to it. The way this is allowed to have your information is by requesting a single android.permission.INTERNET, this is very common for many apps that connect to the web.

HTC is aware of the issue and they’ve stated   “HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.” There are ways to fix the problem; one of them is to remove HTCloggers from a rooted device, the other is not to download any suspicious apps. My phone is an HTC Aria and it doesn’t get any internet reception so I don’t think I should be too worried, but do any of you have an HTC phone that could be in danger?

http://rootzwiki.com/content.php?331-HTC-Security-Bug-Leaks-Your-Personal-Info

http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/

http://www.engadget.com/2011/10/02/htc-security-vulnerability-said-to-leak-phone-numbers-gps-data/

Advertisements

5 thoughts on “HTC Has a Security Flaw

  1. I don’t personally have an HTC phone, but from the looks of it, this HTClogger app is a system app that comes with the phone. How difficult would it be to remove this then? I imagine you can’t just delete it like an app you’ve downloaded yourself. Would the average user be able to conceivably do this themselves or are they just out of luck?

  2. I don’t have the app on my phone, but according to the websites describing the app, it shouldn’t bee too hard to remove from your phone. Everyone that has this app should be able to delete it from their phones.

  3. Pingback: DontHateTheGeek

  4. I believe HTC sense is built into the HTC ROM of Android. Isn’t HTC sense built-into all HTC manufactured phones? Its my belief the only way to remove HTC sense is to install a custom ROM on the phone. Something an average user wouldn’t know how to do. Manufacturers put their own custom ‘skin’ on Android to deploy on their devices and often there are bugs not any fault of Android. Even though that its not the fault of Google, doesn’t it still make them responsible to help HTC in fixing the bug? In reality it puts Google in a tough place. Google wants to keep their Android software open (that’s the main appeal to many users of Android) however, keeping it open often opens the door to bugs that hardware manufacturers create when customizing stock Android.

    I’d personally like to have a stock Android phone-if I were to switch back. In eliminating problems like this one, also I would get the full Google experience rather than some crappy skin that a manufacturer put on the phone.

    In conclusion of my comment, this is a nasty bug. People need to become increasingly aware of whats on their phone. I think too often people don’t think of smartphones as computers which they really are. Smartphones have vulnerabilities and bugs just like computers and people need to be aware of them.

    • Well you don’t necessarily have to remove HTC Sense, all you have to do is find the file HTCloggers.apk finding the file shouldn’t be too much of a hassle either, if you have an app like Root Explorer then you can find the file at /system/app/HtcLoggers.apk. I completely agree with you, people need to become more aware of what they’re allowing their phones to do with the phone’s data.

Comments are closed.