User Discovers ‘Massive’ Security Flaws in HTC Smartphones
HTC smartphones have a "massive" security flaw that can make HTC Android phones easy for outside users to access private customer information.
According to a report from Android Police, the vulnerability was discovered by Trevor Eckhart who reported the bug to HTC but never got a reply. He then decided to go public and told Android Police a site that has previously reported on security issues with Android based smartphones.
The security flaw was discovered in free applications that access the internet to collect advertisements. The innocuous app has a system package called HtcLoggers.apk which is installed by HTC onto Android handsets. Apps with this key logger can get data from the user including location and private details of their accounts as well as a list of running tasks and system logs. The logging package even has an interface that allows other applications to request specific information.
Eckhart provided Android Police with a demonstration app and is requesting information from other HTC Android users to determine how widespread the system package is among the HTC devices.
HTC has responded to the security risk with a statement but hasn't provided any solutions to the security breach.
"HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."
The security breach has affected several popular HTC phones including the HTC Evo 4G, Evo 3D and the Thunderbolt. Users who have HTC smartphones should avoid any free downloads for now.