Home Your IT Mobility HTC accused of 'œmassive' security flaw

HTC Sense phones may be exposing loads of users' personal data and information, a dedicated Android web blog claims.

Earlier this week, a blog post by Android-focused website, Android Police, claimed that following recent updates, when phone manufacturer HTC introduced a new set of logging tools, HTC Sense devices ceased to safely store users' data.

According to Android Police, any mobile application that requests Internet access may have easy access to the user's phone and personal data, and thus may theoretically lead to cloning devices.

'If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in,' it stated. 'That is not the case.'

The Washington Post reports HTC has issued an official response to Android Police's claims, saying it was investigating whether the claims were true and what needed to be done.

'HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible,' the manufacturer said in a statement. 'We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken.'

Android Police claims any application, on HTC Sense devices, that requests a single Internet permission - android. permission.internet - may be able to access a huge amount of data. The accessible information includes the list of user accounts and email addresses, GPS location, phone numbers from the phone log, SMS data and system logs.

'When you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails,' Android Police stated.

The website also claimed that other information could be accessed, including build number, IP address, memory and CPU info. With this amount of information not being safely locked by the HTC Sense phone, Android Police claims it may be possible to clone a mobile device.

'I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way,' Android Police stated. 'It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door'.

According to the blog, it is impossible to patch the hole without rooting or receiving an update from HTC; meantime, Android Police recommends users to be 'safe'. 'Stay safe and don't download suspicious apps,' it said, adding: 'Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower'.

FREE REPORT - IT MONITORING TOOLS COMPARISON

Are you looking to find the most efficient IT Monitoring tool available?

IT Monitoring is an essential part of the operations of any organisation with a significant network architecture.

Multiple IT monitoring platforms are available on the market today, supporting the various needs of small, medium-sized, and large enterprises, as well as managed service providers (MSPs).

This new report studies and compares eight different IT monitoring products in terms of functionality, operations, and usability on the same server platform with 100 end devices.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

Download your free report to find out.

DOWNLOAD!

Connect