HTC Android Smartphones Reportedly Have Big Security Vulnerability

Apparently if you are an owner of an Android smartphone from the HTC stable, the word doing the rounds is you need to be aware there has been a “massive” security venerability recently discovered on several high end HTC Android devices

According to an article over on Android Community, the guys over at Android Police have published the security flaw that apparently stems from a customisation that HTC “implemented on the core Android system.”

Word is that HTC customisation enables any application on effected devices that asks for a single “android.permission.INTERNET, can also get hold of the list of user accounts, along with email addresses and sync status for each, last known GPS and network locations, SMS data including encoded text and phone numbers as well as phone numbers from the phone log, and also system logs (both kernal / dmesg and app / logcat.)

The guys say by using the “INTERNET permission” any app can also access at least…

ACCESS_CORE_LOCATION
ACCESS_FINE_LOCATION
ACCESS_LOATION_EXTRA_COMMANDS
ACCESS_WIFI_STATE
BATTERY STATS
DUMP
GET_ACCOUNTS
GET_PACKAGE_SIZE
GET_TASKS
READ_LOGS
READ_SYNS_SETTINGS
READ_SYNC_STATS

The guys do state that the only reason “the data is leaking left and right is because HTC set their snooping environment up this way” and it is like “leaving your keys under the mat and expecting nobody who finds them to unlock the door.”

Apparently the smartphone affected are only those with stock Sense firmware and include the HTC EVO 4G, HTC EVO 3D, HTC Thunderbolt, the T-Mobile MyTouch Slide 4G, the HTC EVO Shift, along with some HTC Sensation handsets and the upcoming HTC Vigor.

HTC has apparently responded on the matter by stating… “HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”

If you have enjoyed this Phones Review article feel free to add me your circles on Google+ and I will of course add you back.

Live Comment

Your email address will not be published.