HTC is promising to plug a security hole in its Android phones that gives certain mobile apps access to a user's personal information.
Recently discovered by a trio of researchers, the vulnerability can expose e-mail addresses, network and GPS locations, phone numbers, SMS data, and system logs to apps that connect to the Internet. The flaw exists among HTC's portfolio of Android phones, including the Evo 3D, the Evo 4G, and the Thunderbolt, and has been traced to a logging tool that HTC recently installed during a software update.
Related stories: Thunderbolt, other HTC phones have big security hole, report claims
Security duo finds another pair of vulnerabilities in Android
Android hole could be used to disable antivirus apps
In a statement released today, HTC acknowledged the security hole in its software but tried to assuage its users about the impact.
"HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application," the company said in its statement. "A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability."
… Read more