Earlier this week, a blog post by Android-focused website, Android Police, claimed that following recent updates, when phone manufacturer HTC introduced a new set of logging tools, HTC Sense devices ceased to safely store users' data.
According to Android Police, any mobile application that requests Internet access may have easy access to the user's phone and personal data, and thus may theoretically lead to cloning devices.
'If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in,' it stated. 'That is not the case.'
The Washington Post reports HTC has issued an official response to Android Police's claims, saying it was investigating whether the claims were true and what needed to be done.
'HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible,' the manufacturer said in a statement. 'We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken.'
Android Police claims any application, on HTC Sense devices, that requests a single Internet permission - android. permission.internet - may be able to access a huge amount of data. The accessible information includes the list of user accounts and email addresses, GPS location, phone numbers from the phone log, SMS data and system logs.
'When you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails,' Android Police stated.
The website also claimed that other information could be accessed, including build number, IP address, memory and CPU info. With this amount of information not being safely locked by the HTC Sense phone, Android Police claims it may be possible to clone a mobile device.
'I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way,' Android Police stated. 'It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door'.
According to the blog, it is impossible to patch the hole without rooting or receiving an update from HTC; meantime, Android Police recommends users to be 'safe'. 'Stay safe and don't download suspicious apps,' it said, adding: 'Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower'.