Home Your IT Mobility HTC accused of 'œmassive' security flaw

HTC Sense phones may be exposing loads of users' personal data and information, a dedicated Android web blog claims.

Earlier this week, a blog post by Android-focused website, Android Police, claimed that following recent updates, when phone manufacturer HTC introduced a new set of logging tools, HTC Sense devices ceased to safely store users' data.

According to Android Police, any mobile application that requests Internet access may have easy access to the user's phone and personal data, and thus may theoretically lead to cloning devices.

'If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in,' it stated. 'That is not the case.'

The Washington Post reports HTC has issued an official response to Android Police's claims, saying it was investigating whether the claims were true and what needed to be done.

'HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible,' the manufacturer said in a statement. 'We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken.'

Android Police claims any application, on HTC Sense devices, that requests a single Internet permission - android. permission.internet - may be able to access a huge amount of data. The accessible information includes the list of user accounts and email addresses, GPS location, phone numbers from the phone log, SMS data and system logs.

'When you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails,' Android Police stated.

The website also claimed that other information could be accessed, including build number, IP address, memory and CPU info. With this amount of information not being safely locked by the HTC Sense phone, Android Police claims it may be possible to clone a mobile device.

'I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way,' Android Police stated. 'It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door'.

According to the blog, it is impossible to patch the hole without rooting or receiving an update from HTC; meantime, Android Police recommends users to be 'safe'. 'Stay safe and don't download suspicious apps,' it said, adding: 'Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower'.

FREE WHITEPAPER - REMOTE SUPPORT TRENDS FOR 2015

Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.

DOWNLOAD!

Connect