Anyone carrying an HTC phone around in their pockets will be startled to hear that their Android devices could actually put them at risk. Apparently, virtually all HTC devices have a gapping security hole that makes emails, GPS locations and text messages accessible to outsiders. Any app could potentially use this information for identity theft and other breaches of privacy without your knowledge if you simply allow it to access the Internet. How could have HTC allowed such a major screw-up to happen in the first place?
The worst part about the whole scandal is that HTC unknowingly opened up this security hole with their latest update, which came with a new logging tool. This harmless looking logging tool actually saved all of your sensitive private information to a special non-secured location on your phone. It looks like even the most genius of programmers can make such a simple and embarrassing mistake.
So anytime you allow an app to access the internet (including potentially harmful apps camouflaging as legitimate ones), it can automatically access and then save the following personal data:
- list of all user accounts, including email addresses
- archive of recent GPS and network locations
- phone numbers
- text messages including phone numbers
- system logs (which can include sensitive information including emails, phone numbers etc.)
According to Android Police, this is just the tip of the iceberg. They've also been successful at accessing other pieces of data such as current running processes, CPU information, phone data and list of installed apps. Not all of this information will necessarily lead to identity theft, but the fact alone that HTC has left the door open for malware to come in and steal your information is more than just unnerving.
Although we cannot double-check the validity of the claims made by Android Police, the evidence looks pretty solid and believable.
We've known about the security hole since September 24th, but it is only today that we can see the full picture. HTC has been keeping a low profile so far. No official statements or reactions have been made public. Unfortunately, that's probably a sign that there is in fact a huge problem and HTC has yet to come up with a solution. According the most plausible scenario, HTC should be releasing a new update to patch up this security hole as soon as possible.
Source: Android Police