Home Your Tech Mobility HTC accused of 'œmassive' security flaw
×

Warning

JUser: :_load: Unable to load user with ID: 3729

HTC accused of 'œmassive' security flaw

  • 04 October 2011
  • Written by 
  • Published in Mobility

HTC Sense phones may be exposing loads of users' personal data and information, a dedicated Android web blog claims.

Earlier this week, a blog post by Android-focused website, Android Police, claimed that following recent updates, when phone manufacturer HTC introduced a new set of logging tools, HTC Sense devices ceased to safely store users' data.

According to Android Police, any mobile application that requests Internet access may have easy access to the user's phone and personal data, and thus may theoretically lead to cloning devices.

'If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in,' it stated. 'That is not the case.'

The Washington Post reports HTC has issued an official response to Android Police's claims, saying it was investigating whether the claims were true and what needed to be done.

'HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible,' the manufacturer said in a statement. 'We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken.'

Android Police claims any application, on HTC Sense devices, that requests a single Internet permission - android. permission.internet - may be able to access a huge amount of data. The accessible information includes the list of user accounts and email addresses, GPS location, phone numbers from the phone log, SMS data and system logs.

'When you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails,' Android Police stated.

The website also claimed that other information could be accessed, including build number, IP address, memory and CPU info. With this amount of information not being safely locked by the HTC Sense phone, Android Police claims it may be possible to clone a mobile device.

'I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way,' Android Police stated. 'It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door'.

According to the blog, it is impossible to patch the hole without rooting or receiving an update from HTC; meantime, Android Police recommends users to be 'safe'. 'Stay safe and don't download suspicious apps,' it said, adding: 'Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower'.

LEARN HOW TO BE A SUCCESSFUL MVNO

Did you know: 1 in 10 mobile services in Australia use an MVNO, as more consumers are turning away from the big 3 providers?

The Australian mobile landscape is changing, and you can take advantage of it.

Any business can grow its brand (and revenue) by adding mobile services to their product range.

From telcos to supermarkets, see who’s found success and learn how they did it in the free report ‘Rise of the MVNOs’.

This free report shows you how to become a successful MVNO:

· Track recent MVNO market trends
· See who’s found success with mobile
· Find out the secret to how they did it
· Learn how to launch your own MVNO service

DOWNLOAD NOW!