Home Your Tech Mobility HTC accused of 'œmassive' security flaw

HTC Sense phones may be exposing loads of users' personal data and information, a dedicated Android web blog claims.

Earlier this week, a blog post by Android-focused website, Android Police, claimed that following recent updates, when phone manufacturer HTC introduced a new set of logging tools, HTC Sense devices ceased to safely store users' data.

According to Android Police, any mobile application that requests Internet access may have easy access to the user's phone and personal data, and thus may theoretically lead to cloning devices.

'If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in,' it stated. 'That is not the case.'

The Washington Post reports HTC has issued an official response to Android Police's claims, saying it was investigating whether the claims were true and what needed to be done.

'HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible,' the manufacturer said in a statement. 'We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken.'

Android Police claims any application, on HTC Sense devices, that requests a single Internet permission - android. permission.internet - may be able to access a huge amount of data. The accessible information includes the list of user accounts and email addresses, GPS location, phone numbers from the phone log, SMS data and system logs.

'When you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails,' Android Police stated.

The website also claimed that other information could be accessed, including build number, IP address, memory and CPU info. With this amount of information not being safely locked by the HTC Sense phone, Android Police claims it may be possible to clone a mobile device.

'I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way,' Android Police stated. 'It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door'.

According to the blog, it is impossible to patch the hole without rooting or receiving an update from HTC; meantime, Android Police recommends users to be 'safe'. 'Stay safe and don't download suspicious apps,' it said, adding: 'Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower'.

WEBINAR 26/27th May

Thinking of deploying Business Intelligence (BI)? So are your competitors.

And the most important, fundamental, tool for delivering your BI information to your users? Dashboards.

THIS IS ONE NOT TO MISS SO REGISTER NOW

DON'T MISS OUT - REGISTER NOW!

FREE WHITEPAPER - RISKS OF MOVING DATABASES TO VMWARE

VMware changed the rules about the server resources required to keep a database responding

It's now more difficult for DBAs to see interaction between the database and server resources

This whitepaper highlights the key differences between performance management between physical and virtual servers, and maps out the five most common trouble spots when moving production databases to VMware

1. Innacurate metrics
2. Dynamic resource allocation
3. No control over Host Resources
4. Limited DBA visibility
5. Mutual ignorance

Don't move your database to VMware before learning about these potential risks, download this FREE Whitepaper now!

DOWNLOAD!

Connect

 

 

 

 

Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities