Flaws in the HTC Android smartphone gives hackers easy access to steal important user data, a security researcher said Friday.

Trevor Eckhart gives more information in a proof-of-concept video uploaded to YouTube.

Eckhart said he informed HTC of the vulnerability on September 24, but has heard nothing in reply, which he saw as a signal for him to disclose the vulnerability to the public.

The flaw, which affects, multiple models of HTC smartphones running Android, could allow attackers to steal a user's GPS location, SMS data, and phone numbers, Eckhart says. Any application granted Internet permission can access the HTCLoggers.apk file, which records user information, he notes.

It is said to expose multiple HTC Android smartphones, including two that are sold in Australia - the HTC Sensation, sold on a plan with Telstra, and the HTC EVO 3D, sold by both Vodafone and Telstra.

In a report at Sydney Morning Herald, HTC said Monday it took customers' security "very seriously" and was "working to investigate" the reported vulnerability as quickly as possible. "We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."

Australian security expert at Stratsec, Nick Ellsmore, said that from a user perspective the security flaw exposed on the Android Police blog was "far more serious than the iPhone 'location tracking scandal', which turned out to mostly be a non-event once the details emerged, or the Facebook 'like' button tracking after log-out of last week."

The HTCLoggers vulnerability has been verified by researcher on Android Police, who called the flaw "massive."

"It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door," the reviewers said of the vulnerability.