HTC acknowledges security flaw, plans update to fix

By Armando Orozco

A couple of days ago researchers for Android Police wrote about a security vulnerability in several HTC phones. The vulnerability lies with logging tools installed by HTC. These logging tools collect personal data like user accounts, email addresses, GPS info and SMS data. Having these tools logging users data is one thing but the fact that they are left unsecured and available to be exploited by a 3rd party app is a big blow to the device manufacturer. A 3rd party app would only need to request the INTERNET permission to gain access to the information collected by the tools. Why HTC has these tools in place hasn’t been answered, an answer they’ll have to provide to their customers at some point.

HTC’s public statement: “In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.”


The update will be sent over-the-air and users will receive a notification to install. No word on when the update will be available.

We all have a role to play in keeping our computing secure, but developers have a key role in that they need to ensure their applications are secure when it comes to customer’s data. This happens a lot, most recently with Skype, hopefully with more and more big name vendors being called out we’ll see developers tighten up their code.


Affected phones




EVO Sensation

MyTouch 4G slide

5 thoughts on “HTC acknowledges security flaw, plans update to fix

  1. Any word on whether the Webroot Mobile Security will scan/protect against this threat? I did not see any applications out of the ordinary in the Webroot App Inspector. If not, how to protect? What update is being referred to in the article?

    • At this time there are no known threats that have exploited this vulnerability. To ensure you keep safe only download apps from a trusted source.

      The update will be a patch for the vulnerability in the HTC devices mentioned. If you have one of these phones you will be notified through the device that the update is available, we encourage you to update at that time.

  2. Pingback: ‘Tis the season for mobile malware « Webroot Threat Blog

  3. Pingback: HTC、セキュリティ上の欠陥を認め、フィックスの更新を計画中 « ウェブルート ブログ 日本版

  4. Pingback: HTC、セキュリティ上の欠陥を認め、フィックスの更新を計画中 « ウェブルート ブログ 日本版

Join the Conversation

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s